Choose your pentest package

Start with the surface you need tested. Blaze pentest packages are grouped by scope type, so you can quickly find the right path before choosing a package level.

What do you need tested?

SaaS penetration testing

For web applications, SaaS platforms, customer portals, dashboards, APIs, and role-based product workflows.

Choose this path if your main concern is how users, roles, permissions, business logic, authentication, sessions, or exposed application functionality could be abused — the attack surface your cloud provider does not cover.

Best fit for:

  • SaaS products
  • Web applications and portals
  • Admin dashboards
  • API-backed platforms
  • Customer security reviews or compliance audits

Mobile app penetration testing

For iOS and Android applications, including mobile app behavior, client-side risks, and backend API interactions.

Choose this path if your scope includes a mobile app, and you need testing of authentication, session handling, local data storage, API usage, deep links, permissions, or app-side behavior.

Best fit for:

  • iOS and Android apps
  • Mobile apps connected to backend APIs
  • Apps handling sensitive user data
  • Launch, audit, or enterprise review readiness

Cloud penetration testing

For cloud environments, internet-facing systems, exposed services, and external attack surface.

Choose this path if your main concern is how your cloud-hosted infrastructure, perimeter services, exposed assets, or cloud resources could be accessed, misconfigured, chained together, or abused from an attacker's perspective.

Best fit for:

  • Cloud environments
  • Internet-facing infrastructure
  • Exposed services and perimeter systems
  • External attack surface testing
  • Audit, launch, or architecture change validation

Not sure which package fits?

  • Choose SaaS

    if the core scope is a web app, platform, portal, dashboard, API, or application workflow.

  • Choose Mobile

    if the core scope is an iOS or Android app, especially if mobile-specific behavior, device-side storage, app permissions, or mobile API usage matters.

  • Choose Cloud and External Network

    if the core scope is your cloud environment, exposed infrastructure, internet-facing services, or perimeter risk.

Some scopes overlap. A mobile app may rely heavily on APIs. A SaaS platform may include cloud-hosted components. A cloud environment may expose application services. If your scope crosses more than one area, choose the closest match or contact us before purchasing.

How package levels work

  • Each testing surface includes Lite, Essentials, and Assurance options, designed for different scope sizes and assurance needs.

  • Choose SaaS, Mobile, or Cloud and External Network first, then compare the package levels on the dedicated page.