On-Demand Penetration Testing
Pentest at sprint pace, right-sized to your scope.
3-day, 7-day, or 15-day shapes, for a single web app, an app plus supporting API, or a multi-app stack. Same manual depth as a discipline-specific engagement, scoped on a 30-minute call, delivered with a working proof-of-exploit, the patch path, and a verified re-test.
Right-sized
3-day Sprint, 7-day Standard, or 15-day Deep: pick the shape that fits the target, not the calendar.
Manual depth
Scanner output filtered to the exploitable. Manual chained-exploits surfaced. Working proof-of-exploit on every finding.
Re-test included
We verify your fixes at no extra cost. One engagement, closed loop.
The window from vulnerability discovery to exploitation has gone from weeks to hours.
Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

On record
Why on-demand
Engineering ships every sprint. Your pentest doesn't.
An annual pentest is one snapshot of an application that has already changed by the time the report lands. The 51 weeks in between go unreviewed. On-demand closes the gap: each release cycle gets a right-sized engagement, small enough to fit your sprint, deep enough to surface what scanners won't. The same CREST-accredited pentesters, the same manual depth, sized to the work you're shipping this quarter.
THREE ENGAGEMENT SHAPES.
Same depth. Scoped to scale.
Pick the shape that fits the target. Asset volume drives the man-days; the methodology and the accreditation stay the same at every tier.
3-day Sprint: Single web app, single API, or a focused regression. OWASP Top 10 and SANS Top 25 mapped, working proof-of-exploit, fixes in your sprint cycle.
7-day Standard: App plus supporting API plus business-logic edge cases. Auth flows, role-based access, integration surfaces. Longer-tail vulns the scanner misses.
15-day Deep: Multi-app stack: auth, RBAC, payment, third-party integrations, mobile-API surface. Exhaustive depth for an annual security-posture review.
What we test on-demand
One engagement model. Every target you ship.
Web, mobile, API, network, internal, brought under one delivery model. You don’t have to pick a discipline before you scope; we right-size the team and the depth to your target.
Web applications
Single SPA, multi-tenant, e-commerce, internal portal. Auth flows, RBAC, business logic, payment-stage integrity, manually walked, not scanner-rubber-stamped.
REST + GraphQL APIs
OWASP API Top 10 mapped. BOLA (broken object-level authorization), mass assignment, rate-limit bypass, schema introspection abuse, refresh-token rotation gaps.
Mobile apps (iOS · Android)
Native, hybrid, and cross-platform builds. Static + runtime instrumentation under Frida, deeplink hijack, Keychain / Keystore mishandling, addJavascriptInterface RCE.
Network IPs (internal + external)
Service enumeration, exposed admin panels, weak auth chains, default-credential pivots, RCE chains into the application stack, walked by hand, not just nmap output.
Internal apps + admin portals
VPN-gated, SSO-fronted, role-segmented apps. Same auth depth as external surfaces, mapped to your insider threat model and least-privilege contract.
Cloud + container surfaces
AWS, Azure, GCP, Kubernetes: IAM mishandling, managed-identity over-scope, IMDSv1 SSRF, pod-to-host RBAC bypass, tested under your real workload identity model.
ON-DEMAND METHODOLOGY.
Six phases. Closed-loop at every shape.
Compressed for a 3-day Sprint, expanded for a 15-day Deep. The methodology, the manual coverage, and the sign-off contract stay the same.
- 01 Brief: 30-minute scoping call. Your target, timeline, build pipeline, and risk model walked through with the engagement lead. No 2-week SOW process.
- 02 Scope: Right-sized to a 3-, 7-, or 15-day shape. Asset list, deliverables, success criteria, and re-test contract written in one document.
- 03 Recon: Dependency graph, attack-surface map, exposed endpoints, and authentication paths inventoried before the manual phase begins.
- 04 Exploit: Manual chained-exploits surfaced. Scanner output triaged to the exploitable. Each finding paired with a working proof-of-exploit on a real environment.
- 05 Report: Working PoC, severity scored against business impact, the patch path written for engineering. Executive summary and CVSS evidence for the audit trail.
- 06 Re-test: Every finding re-tested after your team ships the fix, at no extra cost. Written confirmation each path is closed before the engagement is signed off.
Insights
On-demand testing resources.
Notes from short-cycle engagements: regression retests, single-feature pentests, and ad-hoc reviews that ship in days, not weeks.
Meet your engagement lead
One named lead, on demand.
John Dill
vCISO at SecureLayer7
3 · 7 · 15: Engagement shapes (days)
Manual: Methodology at every shape
Included: Re-test on every engagement
John runs on-demand scoping from kick-off to re-test. He translates your target, timeline, build pipeline, and risk model into a 3-, 7-, or 15-day shape, then owns status checkpoints and sign-off so the pod stays heads-down on the engagement.
- Right-sizes engagements against your sprint cycle, asset volume, and risk model, not a fixed-tier menu.
- Owns kick-off, mid-engagement walkthroughs, and live review of every finding before it lands in the report.
- Drives remediation review and re-test until every finding is closed and proven on your environment.

Ready to scope an on-demand engagement? Book 30 minutes with John to walk through your target, timeline, and which shape fits.
Book a 30-min call
Tested by industry.
The bug classes named below come from real engagements in each sector. Pick the closest fit.
Tech SaaS
Release-train-aligned re-tests on the surfaces that changed since last engagement.
FinTech
Pre-launch product pentests for new features hitting regulated environments.
Built for United Kingdom engagements
What changes when we deliver here.
Compliance scoping: FCA SYSC 13.7.7 change-management evidence per release
Regulatory framework: Bank of England TPRM expectations covered in the SoW
Local engagements: UK paytech pulled 22 release tests in one year off one credit pack
Local pricing: GBP credit pack, 12-month roll, no surprise top-up fees
Compliance scoping: UK GDPR Art. 32 evidence retained for the 3-year FCA window
On-demand testing, UK ops.
How fast can a test start?
Credits drawn down inside 48 hours. UK-based engagement lead picks up before the release window opens.
Does the trail fit FCA SYSC 13.7.7?
Yes. Each test is timestamped, scoped and signed off — auditors map it directly to the change-management evidence.
Can the credits roll over the financial year?
Yes. 12-month credit window, GBP-billed, no use-it-or-lose-it. Renewal SoW issued 30 days before expiry.
Where does the report sit?
UK-region tenancy of /op-room. Customer-managed access keys; ICO breach flow documented per UK GDPR Art. 33.
Delivery in United Kingdom
Per-release pentest. UK change-window aligned.
Tests fire on release branches, with reports inside the FCA SYSC 13.7.7 change-management trail. GBP credits don't expire mid-cycle.
- Direct line: +44-20-0000-0000
- Office: London, United Kingdom
Frameworks scoped: CREST · NCSC CAF · UK GDPR · PCI DSS · ISO/IEC 27001.
Sample engagement report
See what arrives in your inbox.
A pre-vetted sample report: full vulnerability narrative, working proof-of-exploit, the patch path, and the re-test confirmation. Sent on request after a 5-minute scoping call.