Free Penetration Test
See our process and quality before you commit. We run a real pentest against your application — automated scanning plus manual testing — and deliver a full findings report with remediation guidance for your dev team.
No commitment. No obligation. Try before you buy.
What we test
We focus on the three areas where real-world application vulnerabilities most often appear, and the ones attackers most often exploit.
Authentication & Authorization
We test the mechanisms that guard your application — verifying that only the right users get access to the right resources.
- OpenID Connect / OAuth flow validation
- JWT integrity, expiry & signature checks (including alg=none and algorithm-swap rejection)
- Session timeout and forced re-authentication
- Multi-factor authentication (MFA) bypass attempts
- Role-based access control (RBAC) boundary testing
- Privilege escalation between user roles
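The JWT item above covers three probes a tester runs against almost every bearer-token implementation: can the header be rewritten to alg=none with the signature dropped, can a claim be edited while the old signature is kept, and is an expired token still honoured. The following is an added example, not code from this page or from the service it describes; it uses only the Python standard library, a constructed demo secret, and a fixed clock so the results are reproducible. The verifier here is what a correctly hardened server should do, so each probe is expected to be rejected.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

# Constructed demo secret for this example only; a tester never guesses the real key.
DEMO_SECRET = b"constructed-demo-secret-not-real"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_token(claims: Dict, secret: bytes) -> str:
    """Mint a compact JWT signed with HMAC-SHA256 (used here to build test inputs)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256_token(token: str, secret: bytes, now: Optional[int] = None) -> Dict:
    """Return the claims if every check passes; raise ValueError otherwise.

    Checks: the algorithm is pinned server-side (so alg=none and algorithm swaps
    fail), the signature is compared in constant time, and 'exp' is required
    and must be in the future.
    """
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token: expected three dot-separated segments")
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(p_b64))
    if "exp" not in claims:
        raise ValueError("missing exp claim")
    if now >= int(claims["exp"]):
        raise ValueError("token expired")
    return claims


def alg_none_variant(token: str) -> str:
    """Attacker probe: rewrite the header to alg=none and drop the signature."""
    _, p_b64, _ = token.split(".")
    none_header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}, separators=(",", ":")).encode())
    return f"{none_header}.{p_b64}."


def role_tamper_variant(token: str, new_role: str) -> str:
    """Attacker probe: edit a payload claim while keeping the original signature."""
    h_b64, p_b64, s_b64 = token.split(".")
    claims = json.loads(_b64url_decode(p_b64))
    claims["role"] = new_role
    return f"{h_b64}.{_b64url_encode(json.dumps(claims, separators=(',', ':')).encode())}.{s_b64}"


def run_probes(secret: bytes = DEMO_SECRET) -> Dict[str, str]:
    """Run the classic probes against a freshly minted token; return the outcome per probe."""
    now = 1_700_000_000  # fixed clock so the expiry result is reproducible
    good = make_hs256_token({"sub": "alice", "role": "user", "exp": now + 600}, secret)
    probes = {
        "valid token": good,
        "alg=none": alg_none_variant(good),
        "role tampered": role_tamper_variant(good, "admin"),
        "expired": make_hs256_token({"sub": "alice", "role": "user", "exp": now - 1}, secret),
    }
    results = {}
    for name, tok in probes.items():
        try:
            verify_hs256_token(tok, secret, now=now)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = f"rejected ({exc})"
    return results


if __name__ == "__main__":
    for probe, outcome in run_probes().items():
        print(f"{probe:14} -> {outcome}")
```

Against a real target the tester submits the same three variants to an authenticated endpoint and records which ones are still served; any "accepted" outcome other than the valid token is a finding.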
Injection & Input Validation
We probe your APIs and forms for the injection flaws that remain among the most exploited vulnerabilities in production applications.
- SQL injection on API endpoints and form inputs
- Cross-site scripting (XSS) — reflected, stored & DOM-based
- Command injection and parameter tampering
- Input validation and encoding checks
- API request/response manipulation
Infrastructure & Configuration
We scan your application domain for exposed services, misconfigurations, and unnecessary attack surface.
- Port scanning of the hosts in scope for your application
- TLS/SSL configuration and certificate review
- Security header analysis (CSP, HSTS, X-Frame-Options)
- Server information disclosure checks
- Default credentials and admin panel exposure
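The security header and information disclosure items above are usually the first thing checked once a response is captured. The following is an added example, not code from this page or the service it describes: it parses a constructed HTTP response (not captured from any real system), flags a short HSTS max-age, a CSP that permits inline scripts, missing clickjacking protection, a missing nosniff header, and a Server header that discloses a version, and returns an empty list for a hardened response. The one-year HSTS threshold is the common preload requirement and is the example's own assumption.

```python
import re
from typing import Dict, List

ONE_YEAR = 31_536_000  # seconds; assumed minimum HSTS max-age for this check

# Constructed sample responses for the example (not from any real system).
WEAK_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.29 (Ubuntu)
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'

<html></html>
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff

<html></html>
"""


def parse_headers(raw: str) -> Dict[str, str]:
    """Return response headers as a lower-cased {name: value} map (stops at the blank line)."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_security_headers(raw: str) -> List[str]:
    """Return one finding string per weak or missing header in the response."""
    h = parse_headers(raw)
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append(f"HSTS max-age below one year: {hsts}")

    csp_value = h.get("content-security-policy")
    directives = parse_csp(csp_value) if csp_value else {}
    if csp_value is None:
        findings.append("Content-Security-Policy missing")
    else:
        # script-src falls back to default-src when absent
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            findings.append("CSP allows inline scripts ('unsafe-inline' in script-src)")

    if "frame-ancestors" not in directives and "x-frame-options" not in h:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    server = h.get("server", "")
    if re.search(r"\d", server):  # a digit in Server almost always means a version string
        findings.append(f"Server header discloses version: {server}")

    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {check_security_headers(raw) or ['no findings']}")
```

A scanner such as ZAP reports most of these automatically; the manual value is in confirming them on the responses that matter (authenticated pages, API error responses) rather than only on the landing page.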
How it works
From scoping call to verified fixes — a structured process that gives you real security insight, not a generic automated report.
INTAKE
Short scoping call & intake form
A 30-minute call to understand your application, followed by a short intake form. We load a preconfigured OWASP ZAP project template tailored to your tech stack and scope.
- 30-minute scoping call with a senior tester
- Short intake form to capture environment details
- Preconfigured ZAP project loaded for your application
TESTING
One-day pentest
Automated scanning runs in the background while we conduct focused manual testing on authentication, authorization, injection vectors, configuration, and critical business logic flows.
- Automated ZAP scan across your application
- Manual auth/authz & injection testing
- Configuration and security header review
- Business logic checks on critical flows
REPORTING
Full findings report with remediation
You receive a pentest report with auto-populated scan findings and manually documented vulnerabilities. Each finding includes severity, evidence, and clear remediation steps your dev team can action immediately.
- Auto-populated findings from automated scanning
- Manual findings with evidence and screenshots
- Remediation guidance written for developers
- Severity ratings scored with CVSS, with the OWASP Risk Rating method as a cross-check
Get your free pentest
Book a 30-minute scoping call and we'll get started. No commitment, no obligation — just a real security assessment so you can see how we work.
What we need from you
Minimal setup so we can get started quickly. No production access required — we test against your dev or staging environment.
30-minute scoping call
A quick call to understand your application, tech stack, and what matters most to your business.
Access to dev / test environments
We test against non-production environments so your live users and data are never touched.
Whitelisting for a single pentester
Whitelist one IP address for our dedicated tester — no broad network access required.
API documentation
Swagger, Postman collection, or equivalent so we can test your API surface efficiently.
Auth details & test accounts
Authentication mechanism overview, the list of user roles, and test accounts for access control testing: at least one per role, ideally two, so we can also test horizontal access between users of the same role.
Ready to go deeper?
The free pentest is a “try before you buy.” When you're ready for comprehensive coverage, we offer full engagements tailored to your stack and risk profile.
- Full penetration test across all application flows and user journeys
- Retest and verify fixes from your free pentest findings
- Weekly automated re-scans until critical findings are resolved
- API penetration testing — REST, GraphQL, gRPC, WebSocket
- Mobile application security testing (iOS and Android)
- Single-page application (SPA) and client-side security review
- Business logic and payment flow testing
- Multi-tenant isolation and data leakage testing
- Cloud infrastructure and configuration review (AWS, Azure, GCP)
- Container and Kubernetes security assessment
- CI/CD pipeline security review
- Network penetration testing — internal and external
- Wireless network security assessment
- Social engineering and phishing simulation
- Source code security review (static analysis + manual)
- Third-party and supply chain dependency audit
- Compliance-mapped reporting — SOC 2, ISO 27001, GDPR, PCI DSS, HIPAA
- Red team engagement — adversary simulation across your full environment
- Ongoing managed penetration testing with monthly or quarterly cadence
- Executive and board-ready risk reporting