Cyber Risk Quantified. Outcomes Delivered.

Certbar Security is a CERT-In empanelled, ISO 27001:2022 certified, DSCI registered cybersecurity consultancy. We deliver manual penetration testing (web, mobile, network, API, cloud, IoT), red team assessments, 24/7 managed SOC, AI security testing, data privacy programs, and audit-ready compliance for DPDP Act 2023, ISO 27001, SOC 2, GDPR, HIPAA, and PCI DSS. Founded in 2019, we work with fintech, healthcare, SaaS, e-commerce, manufacturing, and government across India, US, UK, Canada, and Australia.

Yes. Certbar Security is empanelled by the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY). Our penetration test reports are accepted for regulatory and compliance audits in India, including RBI cybersecurity framework audits for banks and NBFCs, SEBI audits for capital market intermediaries, and IRDAI audits for insurance providers.

We offer 11 specialized pentest services: web application pentesting (OWASP Top 10 + business logic), mobile application pentesting (iOS and Android), network pentesting (internal + external), API pentesting (REST, GraphQL, gRPC), cloud pentesting (AWS, Azure, GCP), Active Directory pentesting, IoT device pentesting (firmware, hardware, RF), thick client pentesting, plus full red team assessments mapped to MITRE ATT&CK. Every engagement is manual, OSCP-led, and produces reproducible findings — not scanner output.

Pentest pricing depends on scope, application complexity, and authentication boundaries. Typical engagements range from ₹1.5 lakh for a small web app scope to ₹15 lakh+ for enterprise red team assessments with multi-cloud and network coverage. Certbar provides a fixed-scope quote within 24 hours after a 30-minute discovery call. Most engagements ship a board-ready brief in 4 to 6 weeks.

Vulnerability Assessment and Penetration Testing (VAPT) is scoped, time-bounded, and focuses on finding and validating vulnerabilities in a defined target (an application, network, or environment). A Red Team Assessment is a multi-vector, objective-based adversary emulation that tests detection, response, and people — not just technology — across phishing, physical, network, and application surfaces, mapped to MITRE ATT&CK. VAPT tells you what is broken; red teaming tells you whether you would catch a real attacker.

A focused single-application pentest typically takes 5 to 10 working days of active testing. End-to-end timeline (scope kickoff to board-ready brief + retest) is 4 to 6 weeks. Larger scopes — enterprise red team, multi-cloud assessments, or compliance-driven engagements — run 6 to 12 weeks. Critical findings are disclosed mid-engagement so your team can start remediation in parallel.

Every report has two parts: a one-page board-ready executive brief (quantified business impact in ₹, prioritized fix list, MITRE technique tags, comparison vs your industry peers) and a detailed technical appendix (reproduction steps for every finding, severity scoring, fix-with-code recommendations, retest verification). Reports are accepted for CERT-In, ISO 27001, SOC 2, PCI DSS, and RBI compliance audits.

Yes. Certbar runs a 24/7 Security Operations Center (SOC) delivering round-the-clock detection, triage, escalation, and incident response. Sub-hour mean time to respond (MTTR) on critical alerts. We integrate with your existing SIEM (Splunk, Sentinel, Elastic, Sumo, Wazuh) or deploy ours. Pairs naturally with our vulnerability management and attack surface management services for a full managed-security program.

Most organizations achieve DPDP Act 2023 readiness in 8 to 16 weeks. The timeline depends on the volume of personal data processed, number of data-fiduciary roles, and whether you already have ISO 27001 or GDPR controls in place (these accelerate DPDP because the consent + breach-notification + DPIA processes overlap heavily). Certbar provides DPO-as-a-service so you do not need to hire a full-time data protection officer.

SOC 2 Type I (point-in-time) takes 8 to 12 weeks from kickoff to audit-ready. SOC 2 Type II requires an additional 6-month observation window after Type I, so the total Type II timeline is roughly 9 to 12 months. Certbar handles the readiness work — control mapping, policy authoring, evidence-trail design, gap remediation — and connects you with our partner CPA auditors for the certification itself. We have shipped SOC 2 readiness for 30+ SaaS companies.

Yes. Certbar serves clients across India, the United States, United Kingdom, Canada, and Australia. We have shipped engagements in 14+ countries to date. All work is delivered remotely with on-site presence for kickoff, red team operations, or compliance audits when the client requests it. Engagements are billed in INR, USD, or GBP depending on client preference.

Certbar Security has two offices in India. Headquarters: 409-410 Sunday Hub, Ambatalavdi, Surat, Gujarat 395004. Mumbai office: 802, 72 Corp, Saki Vihar Road, Bandi Bazaar, Nair Wadi, Saki Naka, Mumbai, Maharashtra 400072. Phone: +91 79848 18161. Email: [email protected].