🛡 Offensive & defensive security

We break in — before attackers do. نخترق أنظمتك قبل أن يفعلها المهاجمون.

Opra is a penetration testing and cyber-defense firm. We find the flaws in your networks, applications and people — then help you close them for good. أوبرا شركة اختبار اختراق ودفاع سيبراني. نكشف الثغرات في شبكاتك وتطبيقاتك وموظفيك — ثم نساعدك على إغلاقها نهائيًا.

1,200+critical issues found
120+security engagements
24/7incident response
// our services

What we secure

Full-spectrum offensive and defensive security, mapped to your real-world risk.

>_

Incident Response & Digital Forensics الاستجابة للحوادث والأدلة الرقمية

Rapid containment, eradication and forensic root-cause analysis when a breach happens — 24/7. احتواء سريع واستئصال وتحليل جنائي لجذر الحادث عند وقوع اختراق — على مدار الساعة.

fromيبدأ من 15,000 SAR Request
>_

Network Penetration Testing اختبار اختراق الشبكات

Simulated external and internal attacks that expose exploitable gaps across your network perimeter and infrastructure. هجمات محاكاة خارجية وداخلية تكشف الثغرات القابلة للاستغلال في محيط شبكتك وبنيتك التحتية.

fromيبدأ من 12,000 SAR Request
>_

Red Team / Blue Team Operations عمليات الفريق الأحمر والأزرق

Full-scope adversary emulation paired with defensive tuning to test and strengthen detection and response. محاكاة كاملة لخصم حقيقي مع ضبط دفاعي لاختبار وتعزيز قدرات الكشف والاستجابة.

fromيبدأ من 25,000 SAR Request
>_

Security Auditing & Compliance التدقيق الأمني والامتثال

Gap assessment and audit support for ISO 27001, PCI-DSS, NCA ECC and SAMA frameworks. تقييم الفجوات ودعم التدقيق لأطر ISO 27001 وPCI-DSS وضوابط الهيئة الوطنية للأمن السيبراني ومؤسسة النقد.

fromيبدأ من 11,000 SAR Request
>_

Vulnerability Assessment تقييم الثغرات

Prioritised, low-noise assessment of your assets with a clear, risk-ranked remediation roadmap. تقييم مُرتّب حسب الأولوية لأصولك مع خارطة طريق واضحة للمعالجة مُرتّبة حسب المخاطر.

fromيبدأ من 6,000 SAR Request
>_

Web Application Security Testing اختبار أمان تطبيقات الويب

Deep manual and automated testing of your web apps and APIs against the OWASP Top 10 and business-logic flaws. اختبار يدوي وآلي معمّق لتطبيقات الويب وواجهات الـ API مقابل أخطر عشر ثغرات (OWASP) وثغرات منطق العمل.

fromيبدأ من 9,500 SAR Request
// field notes

Selected engagements

Anonymised results from recent security engagements.

Fintech · Red Team

Full domain compromise in 48 hours

Chained a phishing foothold to domain-admin across a hardened bank network — then handed over the exact remediation path.

9 critical findings closed
SaaS · Web App Pentest

Auth bypass scanners missed for years

Manual testing uncovered a token-validation flaw exposing every tenant's data. Fixed before any disclosure.

100% tenant data protected
Retail · Incident Response

Ransomware contained overnight

Isolated, eradicated and restored operations within hours, with a full forensic root-cause report.

14h to full recovery

Frequently asked questions

What does a penetration test involve?
Scoping, reconnaissance, exploitation and a written report with prioritised, actionable fixes — plus a free retest of every issue we find.
Will testing disrupt our production systems?
No. We agree scope and safe testing windows in writing, use non-destructive techniques, and stay in constant contact with your team.
Do we get a report we can share with auditors and clients?
Yes — an executive summary plus a detailed technical report with evidence, risk ratings and remediation guidance suitable for auditors.
How are engagements priced?
Per scope, quoted up front. We issue a simplified (non-VAT) invoice for each engagement.

Request an assessment

Tell us about your environment. We reply within one business day.