Breach Horizon
Legal, written-scope testing

Pen testing that starts with permission.

Breach Horizon offers external attack-surface assessments and authorized penetration testing for organizations that want to know what attackers can see, prove the risk safely, and fix the gaps with clean executive evidence.

Legal baseline
  • Contracting entity: the legal entity named in the signed SOW or order form.
  • Client authority: requester must confirm ownership or written authorization for all targets.
  • Default exclusions: no DoS, credential stuffing, real phishing credential capture, persistence, malware, or third-party testing.
  • Not legal advice: final MSA/SOW language should be reviewed by counsel before paid launch.

Lead-in scan
Free

Free Domain Exposure Scan

A light, public-surface review for domain, email, TLS, headers, and obvious exposure. No credentials, no exploitation, no intrusive testing.

  • DNS, SPF, DMARC, MX posture
  • TLS and security-header signals
  • Basic subdomain and public endpoint checks
  • Plain-English risk summary

Most common
From $995

External Attack Surface Assessment

A written-scope external review modeled after the assessments we produce internally: evidence, severity, OWASP mapping, and a remediation plan.

  • Website and CMS exposure review
  • VPN, webmail, cPanel, and portal exposure
  • WordPress/API/directory-index checks
  • Executive PDF and technical appendix

Formal RoE
Scoped quote

Authorized Penetration Test

A controlled test performed only after authorization, scope, rules of engagement, and emergency contacts are signed off by the client.

  • Authenticated web/API testing when credentials are supplied
  • Controlled exploit validation where approved
  • Remote-access and VPN posture review
  • Retest letter after remediation

Written authorization

Testing starts only after the asset owner signs scope and authorization.

Rules of engagement

Every engagement defines targets, windows, intensity, stop conditions, and emergency contacts.

Non-destructive default

No password spraying, DoS, social engineering, or exploit chaining unless explicitly written into scope.

Findings over theatrics

We prioritize verified business risk, evidence, remediation, and retestability over flashy payloads.

External attack surface

Domains, DNS, exposed subdomains, public ports, TLS, web headers, mail security, stale vendor records, and takeover indicators.

Web/CMS and hosting

WordPress, plugin metadata, REST exposure, directory indexing, webmail/cPanel surfaces, public admin endpoints, and safe OWASP checks.

Remote access

VPN portals, certificate hygiene, MFA evidence, rate-limit posture, login surfaces, and vendor/version exposure from outside.