Questions? We've Got Answers.
Find answers to common questions about our services, pricing, and how we work.
Every engagement starts with a discovery call. We scope based on the complexity of your environment, the type of testing or service required, and your timeline. You'll receive a clear proposal with no hidden fees.
A vulnerability assessment identifies and catalogues potential weaknesses using automated scanning. A penetration test goes further — our team actively exploits vulnerabilities to determine real-world impact and risk, giving you a much clearer picture of your exposure.
We take every precaution to avoid disruption. Testing is carefully scoped and scheduled, and we coordinate closely with your team. For production environments, we use non-destructive techniques unless otherwise agreed.
We recommend at least annually, or after any major infrastructure change, product launch, or code release. Clients in regulated industries or handling sensitive data often test quarterly.
We test web applications, APIs, mobile applications, networks and endpoints, and AI/LLM systems. Each assessment is scoped to your environment and follows industry-standard methodologies like OWASP and PTES.
You'll receive a detailed report that includes an executive summary, technical findings ranked by severity, proof-of-concept evidence, and clear remediation guidance. We also offer a walkthrough session to discuss the results with your team.
We go beyond the report. We provide remediation guidance, support your developers during fixes, and offer re-testing to verify that vulnerabilities have been properly addressed.
It's fractional technical leadership for startups and SMEs that need strategic guidance without the cost of a full-time CTO. We help with architecture decisions, vendor evaluations, build-vs-buy tradeoffs, and engineering team structure.
Yes. Our assessments can be scoped to satisfy compliance requirements for SOC 2, ISO 27001, GDPR, and Singapore's Data Protection Trustmark. We also help you prepare the evidence and documentation needed for audits.
Pricing depends on scope, complexity, and the type of assessment. As a rough guide, a straightforward REST API penetration test typically ranges from SGD 5,000 to 10,000. Every quote includes a retest at no extra cost, so you can verify your fixes with confidence. We provide transparent, fixed-price quotes after scoping — no surprises. Reach out for a free consultation to get an estimate.
Schedule a free consultation call through our website. We'll discuss your current security posture and business goals, and recommend a tailored plan — no sales pitch, just an honest conversation.
Not at all. Many of our clients come to us with little or no security infrastructure in place. We meet you where you are and build a roadmap that fits your stage and budget.
Yes. We offer specialized testing for AI and LLM systems, including prompt injection, data leakage, model manipulation, and output integrity checks. This is a growing area of risk and we stay on the cutting edge of AI security research.
Both. Our expert services include continuous threat monitoring, managed incident response, and security policy automation — giving you an always-on security partner without the overhead of building it in-house.
Absolutely. If we discover a critical or actively exploitable vulnerability, we notify you immediately — not at the end of the engagement. We'll work with your team to implement a fix as quickly as possible.
We follow industry-recognized frameworks including OWASP Top 10, OWASP MASVS for mobile, PTES, and NIST guidelines. Our approach combines automated tooling with deep manual testing by experienced security engineers.
Yes. For clients who need ongoing support, we offer retainer plans that bundle services like periodic testing, monitoring, and advisory at a reduced rate. We'll tailor a package to your needs.
We accept bank transfers and major credit cards. For retainer engagements, we offer monthly or quarterly billing cycles.
Most engagements kick off within 1–2 weeks of signing. For urgent needs like incident response, we can mobilize within 24–48 hours.