Penetration Testing Sweden · NIS2, DORA & ISO 27001 ready

Penetration Testing Services in Sweden That Expose Real Risk

Human-led penetration testing for Swedish organisations. Our Sweden-based testers exploit the weaknesses a real attacker would, then give you a clear report and a free retest to confirm the fixes hold. Built for NIS2, DORA and ISO 27001.

Trusted to Test Swedish Organisations

40+ Swedish Kommuner, Regions & EU-Regulated Enterprises Since 2003

Human-led, OWASP/PTES/NIST-aligned engagements that produce evidence regulators and auditors actually accept.

Free retesting included
CVSS v3.1-rated reporting
100% Sweden data residency
OWASP, PTES & NIST aligned


Why now

Why Penetration Testing Matters Now

Swedish organisations face a sharp rise in regulatory pressure and supply-chain attacks. Penetration testing is how you find the gaps before an attacker does, and how you prove to a regulator or a customer that you checked.

Definition

What Is Penetration Testing?

Penetration testing is a controlled, ethical cyberattack carried out by security specialists. They find and safely exploit weaknesses in your systems the way a real attacker would, then report each risk with evidence and prioritised, practical steps to fix it. It shows what an attacker could actually achieve, not just what might be possible.

Penetration Test vs Vulnerability Scan

Vulnerability scan

Automated, Broad, No Proof of Impact

Lists potential weaknesses from a signature database. Fast and broad, but it cannot show what an attacker could actually do with them.

Penetration test

Expert-Led, Chained, Proves Real-World Impact

Performed by a specialist who manually exploits and chains weaknesses to prove real-world impact, showing what an attacker could actually achieve, with evidence regulators accept.

Scope

Our Penetration Testing Services

Full-scope offensive testing across the assets Swedish organisations actually run, on-site and remote.

Web Application and API

OWASP-aligned testing of web apps and APIs for injection, broken access control and business-logic flaws.

Network, Internal and External

We test perimeter exposure and internal-network attack paths the way a real intruder would, including on-site infrastructure.

Cloud

Configuration, identity and access testing across Azure, AWS and SaaS environments.

Active Directory

Kerberos and LDAP abuse, privilege escalation and lateral movement across your AD estate.

Mobile Application

iOS and Android client and backend testing, covering insecure storage, transport, IPC and API abuse.

Red Team and Social Engineering

Objective-led adversary simulation, including phishing, physical testing and OPSEC, run against your detection and response.

Compliance

One Test, Evidence for Every Framework

A single engagement produces the evidence Swedish regulators and auditors look for.

For each framework, what it requires and how a pentest provides evidence:

  • NIS2 / Cybersäkerhetslagen (SFS 2025:1506), Swedish law: Art. 21(2)(e)–(f) require vulnerability handling and effectiveness testing. A pentest provides direct, documented evidence of effectiveness.
  • DORA, EU regulation: Art. 24–27 require resilience testing, with TLPT every three years for significant entities. A pentest provides baseline testing, with TIBER-SE guidance where TLPT applies.
  • ISO 27001:2022, standard: Annex A controls A.8.8 (vulnerability management) and A.8.29 (security testing). A pentest provides the independent evidence auditors expect at Stage 2.
  • PCI DSS v4.0, industry standard: Requirement 11.4 requires internal and external testing at least annually. A pentest provides scoped CDE testing with retest confirmation.
  • GDPR, EU regulation: Art. 32(1)(d) requires regular testing of technical and organisational measures. A pentest provides recurring tests, reportable to IMY under Art. 33.

  • ~8,000 Swedish organisations are now in scope of the Cybersäkerhetslagen (SFS 2025:1506).
  • ~200 municipalities were disrupted by the 2025 Miljödata supplier ransomware attack.
  • 1.5M+ people had their personal data exposed in that breach (Miljödata, 2025).
  • €10M or 2% of global turnover: the NIS2 penalty ceiling for essential entities (Art. 34).

How It Works

One fixed scope. One report your management and your IT team can both act on. From scoping to verified retest, with a single named lead throughout.

Scope and Pre-Test Guidance

We help you set the right scope and brief impacted teams, minimising disruption and documenting the rules of engagement before a single packet is sent.

Rules of engagement

CVSS-Rated Report

Every vulnerability rated with evidence, a CVSS v3.1 score and clear, prioritised remediation steps your team can act on immediately.

CVSS v3.1

Executive Summary

Written so management can understand and act on the findings, not just the IT team. Suitable for board-level reporting and regulator submissions.

Board-ready

Post-Test Walkthrough

A live debrief where we explain each finding, answer questions and support the engineers during the remediation window.

Live session

Free Retest

We re-test once your team has remediated the findings to confirm the fixes are effective. Included at no extra cost in every engagement.

Included

Sweden-Based Testers

Findings, evidence and report stay within Swedish jurisdiction. No third-country transfer and no Schrems II exposure.

Schrems II safe

Trusted by IT & Security Leaders Across Sweden & Europe

Who we work with

Built for Swedish Kommuner, Regions and Regulated Enterprises

We work within procurement constraints such as LOU and ramavtal, plan testing around citizen-facing services, and report in language both your IT team and your management can act on.

Public Sector
Education
Manufacturing
Energy
High-Tech
Retail & Finance
Free download · RFP & scoping

Scope Your Test in 15 Minutes

A practical scoping checklist plus an RFP template to brief any provider, including the questions that separate a real test from a scan.

  • Asset and scope worksheet: a one-page inventory of the web apps, APIs, networks, cloud accounts and AD environments that should be in scope, and what to deliberately exclude.
  • Methodology selector: when black box, grey box or white box is the right depth for each asset, and how to phrase it so vendors quote on the same basis.
  • Compliance mapping: which NIS2, DORA, ISO 27001, PCI DSS and GDPR clauses a single engagement should evidence, with the report sections that prove it.
  • Vendor question bank: the questions that separate a real penetration test from a glorified vulnerability scan, including retesting, data residency and tester credentials.
  • RFP template: a copy-paste brief any provider can quote against, with timing, rules of engagement and reporting expectations pre-filled.

Built for the Swedish regulatory context. Free to download, no sales call required.


Indicative Swedish-market range

What’s Typically Included

  • Small external test: ~SEK 30,000
  • Mid-scope engagement: SEK 80,000–180,000
  • Full-scope engagement: SEK 250,000+
  • Retesting: included
  • Executive summary: included
  • Post-test walkthrough: included
Market context for budgeting. The exact figure is on your scoped quote.
Pricing

How Much Does a Penetration Test Cost in Sweden?

Cost depends on scope, the number of assets in scope and the methodology required. As a guide, penetration tests in the Swedish market typically range from around SEK 30,000 for a small external test to SEK 250,000 and above for a full-scope engagement.

Why a Scoped Quote Is the Most Reliable Way to Budget

A small external network test and a full-scope red-team engagement are very different in size and effort. The scope we agree determines the price. Retesting is included, so the price you agree is the price to a verified fix, with no hidden extras.

What Sits Inside the Fee

Pre-test guidance, the engagement itself, a CVSS-rated report with executive summary, a live post-test walkthrough and free retesting are all part of every engagement. You are buying a result, not a day rate.

Questions

Penetration Testing FAQ

Real questions a security leader or procurement lead asks before commissioning a test.

What is penetration testing?

Penetration testing is a controlled, ethical cyberattack run by security specialists. They find and safely exploit weaknesses the way a real attacker would, then report each risk with evidence and prioritised steps to fix it. It proves real-world impact, not just theoretical exposure.

What is the difference between a vulnerability scan and a penetration test?

A vulnerability scan is automated and lists potential weaknesses. A penetration test is performed by an expert who manually exploits and chains those weaknesses to prove what an attacker could actually achieve. You usually want both: scanning for breadth, testing for proof.

What can you test?

Web applications and APIs, internal and external networks including on-site infrastructure, cloud environments such as Azure and AWS, and Active Directory. We also test mobile applications and can run red-team and social engineering engagements. Each test runs as black box, grey box or white box depending on your goal.

What is the difference between black box, grey box and white box testing?

Black box means no prior knowledge, which is the most realistic. Grey box means partial knowledge or credentials, which balances realism and coverage. White box means full access, which gives the most coverage per krona. We recommend the right depth for each asset and each goal.

Does penetration testing satisfy NIS2 and the Cybersäkerhetslagen?

NIS2 Article 21(2)(f) requires processes to assess the effectiveness of your security measures, and penetration testing is the most direct evidence. In Sweden, NIS2 is implemented as the Cybersäkerhetslagen (SFS 2025:1506), in force since 15 January 2026.

What is TLPT and TIBER-SE, and do we need it?

Threat-led penetration testing (TLPT) is intelligence-led testing of your whole organisation, required under DORA at least every three years for significant financial entities. In Sweden, Finansinspektionen designates who is tested and the Riksbank coordinates it through TIBER-SE. We can advise whether it applies to you.

How long does a penetration test take?

A focused test of a single application or external perimeter usually takes one to two weeks including reporting. A full-scope engagement takes longer. We agree the timeline during scoping so it fits around your release and service windows.

How often should we run a penetration test?

At least once a year, and again after any major change to your systems, applications or infrastructure. Regular testing keeps pace with new threats and code changes. Our free retesting also confirms that previous fixes still hold at your next engagement.

Is retesting included?

Yes. After you remediate the findings, we re-test to confirm the fixes are effective at no extra cost. That means the report you act on ends with verified results, not open questions.

What methodology do you follow?

Testing follows recognised standards: OWASP Top 10 and the Web Security Testing Guide for applications, PTES, NIST SP 800-115 and OSSTMM. That keeps findings consistent, repeatable and defensible to an auditor.

What does a penetration test report include?

An executive summary written for management, detailed findings with evidence, CVSS v3.1 risk ratings, clear remediation guidance and a retest to verify fixes. Written so both technical teams and the board can understand and act on the results.

Where is our test data stored?

Tests are run by Sweden-based specialists, and the findings and report stay within Swedish jurisdiction. This matters under Schrems II, where EU hosting alone is not enough if the provider is exposed to foreign government access orders.

How much does it cost and how do we get a quote?

Cost depends on scope, asset count and methodology. Tests in the Swedish market typically range from around SEK 30,000 for a small external test to SEK 250,000 and above for a full-scope engagement. Book a 30-minute scoping call for an exact figure.

Scope Your Penetration Test. Validate Your Posture Before an Attacker Does.

Talk to our Sweden-based team about a test scoped to your environment, your compliance obligations and your budget. We'll also show you our live SOC in action. No slide deck and no obligation.

Do you need a penetration test? Three questions for an instant read:

  • Has it been over 12 months since your last test, or have you never run one?
  • Have you shipped new apps, cloud or infrastructure changes since then?
  • Do you need NIS2, DORA or ISO 27001 evidence this year?

Indicative only, for the conversation. Not a formal assessment.

Stronger Together: Pair Pentest with These Services

A penetration test proves what is exploitable today. These services keep you ahead of what changes tomorrow.