On-demand penetration testing
Penetration testing on demand.
Encrypted PDF reports. OWASP-aligned methodology.
Fast turnaround. No statement-of-work limbo.
On-demand penetration testing for web apps, APIs, mobile, and external infrastructure. OWASP-aligned methodology, encrypted PDF reports, fast turnaround, and a dedicated client portal.
// OWASP-aligned scan
Every vuln. Documented.
30+ security checks · No signup · Results in ~30s
// How it works
Submit → Test → Report
// Services
Coverage where attackers look
// Methodology
OWASP-aligned.
Repeatable. Auditable.
// Encryption
Your findings stay yours.
Every PDF is password-protected. Passwords sent on a separate channel.
// Pricing
Pick your coverage.
// FAQ
Common questions.
Penetration testing on demand. Encrypted PDF reports.
How it works
Submit your target
Register your asset — domain, API endpoint, or mobile binary.
We test it
OWASP-aligned methodology, automated scans backed by manual testing.
Encrypted PDF report
Executive summary, technical findings, and remediation guidance.
Services
Web Application Testing
OWASP Top 10, auth/session flaws, and business logic vulnerabilities.
API Security Testing
OWASP API Top 10, BOLA/IDOR, broken object-level auth, and rate limit bypass.
Mobile Application Testing
OWASP MASVS, static + dynamic analysis, certificate pinning checks.
External Infrastructure Testing
Service/port enumeration, misconfiguration detection, TLS/certificate review.
Free security scanner
Run a free instant security scan from your browser. Enter a URL and get more than 30 passive security checks across TLS/SSL configuration, security headers, network exposure, email authentication (SPF, DKIM, DMARC), application security and compliance. Receive a graded report in about 30 seconds with no signup required. Try the free scanner at app.secaudit.xyz/tools.
Pricing
Starter
For small startups with one production app that needs recurring vuln coverage and the occasional API test.
Pro
For Series-A startups and SMBs without a dedicated security lead — recurring scans plus occasional source review.
Business
For mid-market teams prepping for SOC 2, ISO 27001, or HIPAA — includes a real manual pentest with auditor-grade deliverable.
Enterprise
For regulated industries and multi-team enterprises — custom scope, SSO, dedicated CSM, and red-team simulation.
FAQ
Why is paid signup reviewed by your team?
We're pre-Stripe today, so paid signups go through a 1-business-day review — that lets us confirm scope, issue your authorization-to-test letter, and onboard you cleanly before testing starts. Self-serve billing is on the roadmap; your plan, caps, and feature gates are already enforced server-side, so nothing changes for you when it lands. Want to try us with zero signup first? Run the free demo scanner at app.secaudit.xyz/tools.
Can I change plans later?
Yes. Upgrades go through the same 1-business-day review (we move you the moment we confirm). Downgrades take effect immediately at the start of your next billing cycle, with no penalty. You keep all reports generated under the previous tier.
What happens if I exceed my monthly cap?
We soft-block additional submissions and show you an upgrade prompt — no surprise overage fees. You can either wait for your next monthly reset, upgrade to a higher tier, or buy a one-off add-on (extra source review, extra pentest engagement) without changing your plan.
Do you offer refunds?
30-day money-back guarantee on all paid plans, no questions asked. If something doesn't work for you in your first month, email us and we'll refund in full. After 30 days, refunds are pro-rated for unused service.
Is there a free trial on paid plans?
Try before you buy with our free demo scanner at app.secaudit.xyz/tools — no signup, real passive checks, a graded report in about 30 seconds. When you're ready for full coverage, Starter is our entry paid tier (just $49/mo). We'd rather you see a real deliverable than time out on a generic 14-day countdown.
How do annual subscriptions work?
Annual plans are billed once per year and save you 15% versus paying month-to-month. The cap and feature set are identical to the monthly plan — only the billing cadence and price differ.
Is my data encrypted?
Reports are delivered as password-protected PDFs (passwords sent on a separate channel). Test artifacts and uploaded binaries live in encrypted object storage with key-scoped credentials. Stored credentials for authenticated tests are encrypted at rest with a per-platform key. Our security & auth approach is documented in detail for Enterprise prospects.
Do you sign NDAs?
Enterprise contracts include a mutual NDA by default and we're happy to redline yours. Lower tiers can request an NDA via the Compliance Pack add-on. Either way, every tester is bound by an internal confidentiality agreement before they touch your scope.