Resources.

Reports, methodologies, and field notes.

Published sample pentest reports, audit methodologies, buyer guides, product datasheets, and recent CVE advisories. Every PDF below was authored by the SL7 research team. If you already know what you need, talk to us directly.

Library.

Everything we publish, in one place.

Filter by what you need (buyer guides, sample reports, methodology, CVEs, whitepapers) or search for a topic.

Featured

BugDazz Autonomous: agentic architecture

Multi-agent orchestration, semantic crawl plane, six-shape memory subsystem, and a five-stage finding lifecycle. The production architecture behind BugDazz Autonomous, written for CISOs, security architects, and platform engineering leaders.

Get the whitepaper
Featured

Bypassing Web Application Firewalls

Real-world WAF bypass techniques against modern rule sets, plus the patches that closed each one.

Get the PDF
Featured

Appdome mobile security control bypass

Bypass paths through Appdome-protected mobile applications, with the runtime-protection patterns that mitigate them.

Get the PDF

AWS Cloud Security eBook

Threat model, IAM patterns, and the engagement checklist for AWS pentest scoping.

Get the PDF

Five board questions every CISO faces

How to answer the board on pentest cadence, scope, and the report that lands at the audit committee.

Get the PDF

How to choose a pentest service partner

Procurement checklist: accreditations, scoping rigor, retest cadence, and red flags to avoid.

Get the PDF

Refinery CMS pentest report

Web application penetration test against open-source Ruby on Rails Refinery CMS. Full chain, working PoC per finding.

Get the PDF

KeystoneJS pentest report

Node.js CMS audit covering auth, IDOR, mass assignment, and SSRF paths.

Get the PDF

Pagekit CMS pentest report

Modular PHP CMS audit. Plugin auth bypass, admin RCE, and template injection chain.

Get the PDF

Application security assessment methodology

Per-phase methodology for application security audits, from scope through chained findings and retest.

Get the PDF

Source code audit methodology

Static review playbook covering deserialization, SQL injection, secrets-in-history, and supply-chain risk.

Get the PDF

IoT security assessment methodology

Five-surface bench-pentest methodology: hardware, firmware, radio, mobile companion, cloud backend.

Get the PDF

CVE-2026-22729: JSONPath injection in Spring AI PgVectorStore

JSONPath injection in Spring AI's PgVectorStore. Attacker-controlled queries escape the JSONPath sandbox and reach the database backend.

Read more

CVE-2026-24291: RegPwn Windows registry escalation

Windows registry-driven privilege escalation chain. From low-priv user to SYSTEM through a misregistered subkey on a stock install.

Read more

CVE-2025-59489: Unity Hub macOS dylib injection, TCC bypass

macOS TCC bypass through Unity Hub dylib injection. Reaches Camera, Microphone, and Documents without the user prompt.

Read more

SecureLayer7 company profile

Capabilities deck: accreditations, sector coverage, engagement model, and named past customers.

Get the PDF

BugDazz autonomous datasheet

Product datasheet for the BugDazz autonomous pentest platform. Coverage, integrations, deployment options.

Get the PDF

Ready to scope?

Talk to a security expert.

30-minute scoping call with an engagement lead. Walk us through your stack and your audit deadline, and we will send a sized quote back the same day.

Meet our pod at the next conference