One week. Zero cost.
A real pentest report.
We test one scoped surface of your application for seven days and deliver the same professional report your paid clients receive. Working proof of concept for every finding. No obligation to continue.
Apply for a Trial Slot4–6 slots available per month · Reviewed within 24 h
How the trial works
You create two test accounts
One standard user account, one with elevated permissions if applicable. That is all we need — no VPN access, no source code, no internal credentials.
We test for one week
Our team runs a scoped web and API assessment against your agreed surface. We use the same methodology as paid engagements: manual testing, exploitation-led, no scanner-only noise.
You receive a professional report
Within 24 hours of the test window closing: executive summary, full technical findings with working PoC, and concrete remediation steps. Same format as every paid report we deliver.
Zero obligation to continue
If you find value in the report and the relationship, we can discuss an ongoing engagement. If not, keep the report, fix the issues, and we part as professionals.
Who qualifies
- Your product is a web application or API in production or pre-launch staging
- You can create two dedicated test accounts within 48 hours of approval
- You are a decision-maker or technical lead at the company
- Your company has 5 or more employees
What the report includes
Executive Summary
Severity breakdown, business risk summary, and overall security posture — written for non-technical stakeholders and procurement teams.
Technical Findings
Every finding includes: description, reproduction steps, working HTTP request/response proof, CVSS score, CWE mapping, and affected endpoints.
Remediation Guidance
Specific fix recommendations for each issue — not generic advice. Code-level guidance where relevant. Retest available if you continue.
Common questions
Is this really free? What is the catch?
No catch. We run a limited number of free trials each month to demonstrate capability to qualified prospects. If you are a fit for a longer engagement after seeing the report quality, we will discuss it. If not, that is fine.
What is the scope of the one-week trial?
We agree on a specific surface before we start: one module, one API group, or one user flow. We do not go out of scope. You define the boundary and we test within it.
Do you need source code or VPN access?
No. We test black-box or grey-box depending on what you can share. Two test accounts are the minimum requirement.
What happens to the test accounts after the trial?
You delete them. We have no use for them after the test window closes. We recommend rotating any credentials used in the testing environment regardless.
How many slots are available per month?
We accept between 4 and 6 trial engagements per month, depending on active paid workload. Applications are reviewed in the order received.
Ready to see what is actually in your application?
Fill in a short form. We confirm scope, you create the test accounts, and we start within 48 hours.
Apply for a Trial Slot