On-Demand Penetration Testing
Pentest at sprint pace, right-sized to your scope.
3-day, 7-day, or 15-day shapes, for a single web app, an app plus supporting API, or a multi-app stack. Same manual depth as a discipline-specific engagement, scoped on a 30-minute call, delivered with a working proof-of-exploit, the patch path, and a verified re-test.
Right-sized
3-day Sprint, 7-day Standard, or 15-day Deep, pick the shape that fits the target, not the calendar.
Manual depth
Scanner output filtered to the exploitable. Manual chained-exploits surfaced. Working proof-of-exploit on every finding.
Re-test included
We verify your fixes at no extra cost. One engagement, closed loop.
The window from vulnerability discovery to exploitation has gone from weeks to hours.
Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

On record
Why on-demand
Engineering ships every sprint. Your pentest doesn't.
An annual pentest is one snapshot of an application that has already changed by the time the report lands. The 51 weeks in between go unreviewed. On-demand closes the gap: each release cycle gets a right-sized engagement, small enough to fit your sprint, deep enough to surface what scanners won't. The same CREST-accredited pentesters, the same manual depth, sized to the work you're shipping this quarter.
THREE ENGAGEMENT SHAPES.
Same depth. Scoped to scale.
Pick the shape that fits the target. Asset volume drives the man-days; the methodology and the accreditation stay the same at every tier.
- 3-day Sprint: single web app, single API, or a focused regression. OWASP Top 10 and SANS Top 25 mapped, working proof-of-exploit, fixes in your sprint cycle.
- 7-day Standard: app plus supporting API plus business-logic edge cases. Auth flows, role-based access, integration surfaces. Longer-tail vulns the scanner misses.
- 15-day Deep: multi-app stack: auth, RBAC, payment, third-party integrations, mobile-API surface. Exhaustive depth for an annual security-posture review.
What we test on-demand
One engagement model. Every target you ship.
Web, mobile, API, network, internal, brought under one delivery model. You don’t have to pick a discipline before you scope; we right-size the team and the depth to your target.
Web applications
Single SPA, multi-tenant, e-commerce, internal portal. Auth flows, RBAC, business logic, payment-stage integrity, manually walked, not scanner-rubber-stamped.
REST + GraphQL APIs
OWASP API Top 10 mapped. BOLA (broken object-level authorization), mass assignment, rate-limit bypass, schema introspection abuse, refresh-token rotation gaps.
Mobile apps (iOS · Android)
Native, hybrid, and cross-platform builds. Static + runtime instrumentation under Frida, deeplink hijack, Keychain / Keystore mishandling, addJavascriptInterface RCE.
Network IPs (internal + external)
Service enumeration, exposed admin panels, weak auth chains, default-credential pivots, RCE chains into the application stack, walked by hand, not just nmap output.
Internal apps + admin portals
VPN-gated, SSO-fronted, role-segmented apps. Same auth depth as external surfaces, mapped to your insider threat model and least-privilege contract.
Cloud + container surfaces
AWS, Azure, GCP, and Kubernetes: IAM mishandling, managed-identity over-scope, IMDSv1 SSRF, pod-to-host RBAC bypass, tested under your real workload identity model.
ON-DEMAND METHODOLOGY.
Six phases. Closed-loop at every shape.
Compressed for a 3-day Sprint, expanded for a 15-day Deep. The methodology, the manual coverage, and the sign-off contract stay the same.
- 01 Brief: 30-minute scoping call. Your target, timeline, build pipeline, and risk model walked through with the engagement lead. No 2-week SOW process.
- 02 Scope: right-sized to a 3-, 7-, or 15-day shape. Asset list, deliverables, success criteria, and re-test contract written in one document.
- 03 Recon: dependency graph, attack-surface map, exposed endpoints, and authentication paths inventoried before the manual phase begins.
- 04 Exploit: manual chained exploits surfaced. Scanner output triaged to the exploitable. Each finding paired with a working proof-of-exploit on a real environment.
- 05 Report: working PoC, severity scored against business impact, the patch path written for engineering. Executive summary and CVSS evidence for the audit trail.
- 06 Re-test: every finding re-tested after your team ships the fix, at no extra cost. Written confirmation each path is closed before the engagement is signed off.
Insights
On-demand testing resources.
Notes from short-cycle engagements: regression retests, single-feature pentests, and ad-hoc reviews that ship in days, not weeks.
Meet your engagement lead
One named lead, on demand.
John Dill
vCISO at SecureLayer7
- 3 · 7 · 15: engagement shapes (days)
- Manual: methodology at every shape
- Included: re-test on every engagement
John runs on-demand scoping from kick-off to re-test. He translates your target, timeline, build pipeline, and risk model into a 3-, 7-, or 15-day shape, then owns status checkpoints and sign-off so the pod stays heads-down on the engagement.
- Right-sizes engagements against your sprint cycle, asset volume, and risk model, not a fixed-tier menu.
- Owns kick-off, mid-engagement walkthroughs, and live review of every finding before it lands in the report.
- Drives remediation review and re-test until every finding is closed and proven on your environment.

Ready to scope an on-demand engagement? Book 30 minutes with John to walk through your target, timeline, and which shape fits.
Tested by industry.
The bug classes named below come from real engagements in each sector. Pick the closest fit.
Tech SaaS
Release-train-aligned re-tests on the surfaces that changed since last engagement.
FinTech
Pre-launch product pentests for new features hitting regulated environments.
Built for United Arab Emirates engagements
What changes when we deliver here.
Compliance scoping
Window calendar aligned to CBUAE quarterly change cycle
Regulatory framework
Signed letter per window for the DIFC annual review file
Local engagements
Ran 16 windows over a year for a UAE neo-bank
Local pricing
Annual AED retainer; pay per window or block of windows
Compliance scoping
30-day re-test letter included in the same regulator file
On-demand questions UAE security ops ask.
How quickly can a window start?
Five business days from PO in most cases. Two days for clients on a retainer. Engagement letter comes signed before the kickoff call.
Can we keep the regulator letter from each window?
Yes. Each window ends with a signed attestation citing the UAE IAS v2 controls tested. CBUAE and DIFC reviewers accept it as evidence.
Do you re-test fixes for free?
Yes. Within 30 days of the report. The re-test letter goes into the same regulator file as the original finding.
Can a window be split across emirates?
Yes. A window may test a Dubai app and an Abu Dhabi backend in the same week. Reports come per scope; the master letter lists both.
Delivery in United Arab Emirates
Quarterly windows. CBUAE + DIFC cycles.
Bookable testing windows align with CBUAE quarterly change cycles and DIFC annual review filings. Each window ends with a signed letter for the regulator file.
- Direct line: +971-4-123-4567
- Office: Dubai, UAE
Frameworks scoped: UAE IAS · NESA · ADHICS · PCI DSS · ISO/IEC 27001.
Sample engagement report
See what arrives in your inbox.
A pre-vetted sample report: full vulnerability narrative, working proof-of-exploit, the patch path, and the re-test confirmation. Sent on request after a 5-minute scoping call.