Last Updated: April 9th, 2024

Synack Platform: Product Offering Comparison Guide

| | SYNACK14 On-Demand Vulnerability Discovery | SYNACK90 Continuous Penetration Testing | SYNACK365 Continuous Penetration Testing | HEADLESS API Penetration Testing |
|---|---|---|---|---|
| Time of Engagement | 2-Week Test | 90-Day Test | Year-Round Testing | Testing and proof-of-coverage reports on headless API endpoints |
| SmartScan with Triage by Synack Red Team | 7 days of scanning | 90 days of scanning | 1 year of scanning | |
| Synack Red Team Top Security Talent performing OVD* | 7 days of human-led OVD | 90 days of human-led OVD | 365 days of human-led OVD | SRT tests each endpoint to produce a proof-of-coverage report |
| Compliance and Industry Standards Testing | Not included – premium checklists (OWASP & NIST 800-53) available as add-ons | Not included – premium checklists (OWASP & NIST 800-53) available as add-ons | Includes 2 premium checklists (OWASP or NIST 800-53) | Proof-of-coverage report can be shared with compliance auditors |

Synack Platform Tiers





Tracking for Researcher Testing Hours

Real-Time Reporting on Exploitable and Suspected Vulnerabilities

Attacker Resistance Score

Track holistic security performance over time with a risk score

Coverage Analytics

Provides real-time information on what, when and how assets are tested

Testing Data History & Retention

Asset List That Catalogs All Tested Assets

Fingerprinting of External Assets to Inform Further Testing

Asset Details Highlighting Previous Testing Results


Synack API

Synack Basic Integrations (Jira, ServiceNow, Microsoft, Splunk, etc.)


Researcher Vetting

Proactive Researcher Rotation

Access to Researchers and Vulnerabilities

Fully Managed Researcher Payouts

Synack has an incentive-based model, which means Synack compensates researchers for high-quality findings for clients

Single Sign-On (SSO)

Role Based Access Control (RBAC)


Self-Service Pentest Creation

Use Synack’s self-service assessment creation tool to launch pentests on your schedule

Pause Testing at the Click of a Button

Pause testing on a single assessment at any time using a button in the client portal

Synack-Owned Virtual Security Researcher Workspaces

Synack provides each Synack Red Team member with a virtual workspace hosted in GCP

Enhanced Security with Testing Data Stored in Synack-Owned Endpoints

All researcher testing data is stored in the virtual, Synack-owned workspace

Data Cleansing Available on Customer’s Request

Customers have the option to ask Synack to delete their data.

Synack Command and Control Infrastructure to Contain Traffic Stemming from Exploits Requiring Callbacks


Active Communication with Researchers

Chat directly with members of the SRT through the platform

Patch Verification

3 per vuln (5 credits for a PV for additional re-testing)



Synack On-Demand Security Testing Catalog Access

Launch security testing at any time, including OWASP vuln checklists, zero day tests, and other targeted testing

Internal and External Testing

External testing only

External & internal

External & internal

Number of VPN Connections

Synack provides site-to-site VPN setup for internal testing




Vulnerability Disclosure Program Webform

Triage for Vulnerability Disclosure Program

Synack will triage vulnerabilities the public submits through your program

200 submissions per year (each additional submission is 1 credit)


External Researcher Negotiation

Synack will manage relationships with members of the public that submit vulnerabilities

Real-Time Reporting for Corporate Boards and CISA

Synack provides a client portal for customers to view vulnerability data and generate PDF reports

Self-Service Discovery of New Assets

Seed Groups to Help Organize Assets and Control Access

Continual Discovery of Assets to Surface Testing Candidates

Discovered Asset Reporting Dashboard


Proactive Identification of Test Issues

Customer Success Personnel

Pooled CSM

Named CSM

Named CSM & TAM

Additional Details

*Subscription Period: except as otherwise stated above, all services will be provided during the subscription period set forth in the customer’s order form.
*OVD: incentive based open vulnerability discovery testing performed by the Synack Red Team (SRT) on in-scope test assets pursuant to agreed upon rules of engagement and testing timeline.
*Synack Catalog: with the purchase of Synack Credits, customers can launch additional tests and checklists within the Synack Platform. Synack Credits must be purchased separately.
*Attack Surface Discovery: New assets are discovered weekly and fingerprinted daily. Discovered assets are limited to 25,000 assets. Additional assets can be added for an additional fee.

Additional Offerings

*Synack Credits: Synack Credits are redeemable for the services listed in the Synack Catalog available in the Synack Platform. Catalog offerings and credit prices are subject to periodic change. Synack Credits are redeemable only for Catalog offerings. Synack Credits have no cash value, are non-transferable and non-refundable. Synack Credits are only valid during the customer’s subscription period and any unused credits will expire at the end of the subscription period.