What penetration testing services does Daniel Ordonez Arango offer?

Daniel Ordonez Arango offers web application penetration testing and Active Directory security reviews, with detailed remediation reporting. Available remotely for freelance engagements.

Is Daniel Ordonez Arango certified as a penetration tester?

Daniel Ordonez Arango has completed the CPTS, CDSA, CJCA and CWES paths on HTB Academy (exams pending). He ranks in the Top 1% globally on Hack The Box with 720 lab targets compromised and 105 Academy modules completed.

Where is Daniel Ordonez Arango based and does he work remotely?

Daniel Ordonez Arango is based in Colombia and is fully available for remote penetration testing engagements worldwide. He works in both English and Spanish.

How can I contact Daniel Ordonez Arango for a penetration test?

You can reach Daniel via email at danielordonezarango@gmail.com, through the contact form on danieloa.com, or via LinkedIn at linkedin.com/in/danieloarango. He is currently open to new engagements.

¿Cuánto cuesta un pentest o prueba de penetración?

El costo de un pentest varía según el alcance. Una evaluación de aplicación web básica puede comenzar desde $3,000 USD para startups y PYMEs. Daniel Ordonez Arango ofrece presupuestos personalizados según el tamaño y complejidad del proyecto. Contáctalo en danieloa.com para una cotización.

¿Hay pentester freelance en Colombia?

Sí. Daniel Ordonez Arango es un pentester freelance basado en Colombia, disponible para proyectos remotos en toda Latinoamérica y el mundo. Habla inglés y español. Top 1% global en Hack The Box con 720 objetivos de laboratorio comprometidos y 105 módulos de la Academia completados.

¿Qué incluye un informe de pentest?

Un informe de pentest profesional incluye: resumen ejecutivo para directivos, hallazgos técnicos detallados con evidencia, clasificación de vulnerabilidades por criticidad (CVSS), pasos de explotación reproducibles y recomendaciones específicas de remediación priorizadas.

¿Qué es una prueba de penetración de aplicaciones web?

Es una evaluación de seguridad ofensiva que simula ataques reales contra una aplicación web. Se evalúa el OWASP Top 10 (inyección SQL, XSS, IDOR, etc.), lógica de negocio, autenticación, APIs y más. El objetivo es encontrar vulnerabilidades antes que un atacante real.

How much does a freelance penetration test cost for a startup?

Freelance pentest costs for startups typically range from $2,000 to $5,000 depending on scope. Daniel Ordonez Arango offers flexible pricing for early-stage companies and SMBs, with clear deliverables and no enterprise overhead. Contact via danieloa.com for a custom quote.

Daniel Ordonez Arango | Freelance Penetration Tester

A breach costs more than a pentest.

I find the vulnerabilities in your systems before someone exploits them. Structured methodology, written deliverables, and a report your team can act on.

Start with a free call HTB profile Curriculum LinkedIn

Daniel Ordonez Arango — Penetration Tester

[ HACK THE BOX PROFILE ]

12 HTB paths completed
720 HTB machines pwned
Top 1% HTB ranking

[ SERVICES ]

What I do

Web Application Pentest Find exploitable vulnerabilities in your app before a breach does. OWASP-aligned manual testing with a written report your team can act on immediately.

OWASP Top 10 manual testing
Severity-ranked PDF report
Business impact per finding
Remediation guidance included

Active Directory Pentest Find identity and privilege gaps in your Active Directory before lateral movement becomes a domain compromise. Identity-focused manual testing with a severity-ranked report your IT team can act on immediately.

Kerberos, ACL & delegation testing
Severity-ranked PDF report
Domain compromise path analysis
Remediation guidance included

All services include a free re-test after fixes are applied.

[ CASE STUDIES ]

Real engagements, real findings

Corporate Intranet · Colombia · 2025

5 Critical 6 High

WordPress Intranet — Static Code Analysis

Auth bypass, hardcoded credentials, and XSS in a corporate WordPress stack — all remediated within two weeks.

Read case study →

Automotive Industry · Colombia · 2026

5 Critical 3 High

Active SEO Spam Injection & Full Remediation

Hidden gambling SEO spam and exposed backups on WordPress — full cleanup verified in one session.

Read case study →

[ ABOUT ]

Background

I started as a full-stack developer. That background changes how I test — I know how applications are built, which means I know exactly where developers leave gaps.

My training covers the full offensive attack surface: web exploitation, Active Directory attacks, network pivoting, privilege escalation and post-exploitation techniques. I don't just find vulnerabilities — I explain why they exist, what a real attacker would do with them, and how to fix them correctly.

I work remotely with startups and SMBs across Latin America, the US and Europe. Fixed-price engagements, bilingual delivery, and a free re-test to confirm your fixes actually hold.

[ CREDENTIALS ]

Training & Experience

Completed paths

Web Penetration Tester

CWES

Penetration Tester

CPTS

SOC Analyst

CDSA

Junior Cybersecurity Analyst

CJCA

In progress

Senior Web Penetration Tester

CWEE

Active Directory Pentesting Expert

CAPE

Offensive AI Expert

COAE

Wi-Fi Pentesting Expert

CWPE

Background

Full-Stack Developer

[ HOW IT WORKS ]

Structured engagement process

Scoping & proposal
Free scoping call to define your environment, targets and rules of engagement. You receive a written proposal with scope, methodology, fixed price and NDA — before any work begins.
Assessment & testing
Manual offensive testing with progress updates throughout. Critical and high findings are reported immediately — not held for the final report.
Reporting & verification
Severity-ranked PDF report with evidence and remediation steps. Free re-test included to verify your fixes hold.

[ PRICING ]

Get an instant estimate

Choose your service

Environment parameters

Scope

Complexity

Testing type

Black-box No prior knowledge of the target. Simulates a real external attacker. Ideal to test your defences from an adversarial perspective. ✓ Most common

Grey-box Partial credentials or context provided. Simulates a compromised account or insider threat. Best coverage-to-cost ratio. ✓ Recommended

White-box Full access + source code provided. Maximum depth and coverage. Best for thorough audits or when regulations require it. ✓ Most thorough

Selected service

Web App Pentest

Estimated range

$2,000 — $5,000 USD

Scope Small · 1–5 targets

Complexity Standard

Testing Black-box

Duration 1–2 weeks

Book a free scoping call →

Automated estimate only — not a binding quote.
A signed authorization agreement is required before any engagement begins.

[ FAQ ]

Common questions

01 How much does a penetration test cost?

Web app from $2,000 · Active Directory from $3,000. Use the pricing calculator above for an instant estimate, or book a free scoping call.

02 Why hire you instead of a larger security firm?

Cost, focus, and direct access. As a LATAM-based independent tester, my rates are significantly lower than US/EU firms without sacrificing methodology or quality. You work directly with the person doing the testing — from scoping to final report.

03 What happens if you find a critical vulnerability?

I report it immediately — you don’t wait for the final report. Critical and high findings are communicated as soon as confirmed so your team can begin remediation while the engagement is still active.

[ SEND A MESSAGE ]

A breach costs more than a pentest.

What I do

Real engagements, real findings

WordPress Intranet — Static Code Analysis

Active SEO Spam Injection & Full Remediation

Background

Training & Experience

Structured engagement process

Get an instant estimate

Common questions

Direct message