Pentesting at the Speed of Business
We believe in simple online booking. We believe in hourly billing and transparent pricing. We believe in real-time reporting. We believe in no cancellation or postponement fees.
We protect global brands
More Cost Effective
With our precise hourly billing, and zero reporting charges our clients with multiple pentest requirements save an average of 38% on their annual pentesting bill (versus previous provider).
Real-Time Reporting
With our online booking, on-demand scheduling and real-time reporting, our average project turnaround time (initial engagement to report completion) is 10 days, versus the industry average of 42 days.
Hourly Billing
We don't charge postponement and cancellation fees. We don't charge for re-testing booked within 7 days of issue identification. These features alone represent an average saving of £1,070 per engagement vs other providers.
We're Using Technology To Make Pentesting Better
We're changing everything
“Working in a fast paced environment where customers require rapid change and development OnSecurity provide us with a service to support even the tightest timelines. The portal allows us to easily quote, book and review penetration test findings in a simple and user friendly way.”
Grant Wylie, Product Manager
The Idol

We're Using Technology to Make Pentesting Better
From the outset we invested heavily in technology and innovation, to make sure our clients get the best experience possible. From booking a test online, to being able to chat to our testers during the engagement.
From real-time reporting to free, one-click re-testing. We are innovators.

We Believe in Fair Pricing for Everyone
We don’t believe in charging different rates for different clients. We don’t believe in padding out quotes to the nearest day.
Our transparent, hourly billing means everyone pays the same hourly rate, and we quote to the nearest hour, not the nearest day. Plus, with no cancellation or postponement fees, we provide value you can trust.

We're a Pentesting Company Founded by Pentesters
OnSecurity was created by three experienced pentesters. We’re a company that cares deeply about the quality of our testing.
OnSecurity is CREST-approved, and all our testers are qualified CREST testers.
We believe in manual-first testing, and investing in developing talent through a structured and rigorous training programme. That’s how we keep the quality of our tests so high.

Get an Instant Pentest Quote
Do you have a budget and want to know how much a specific pen test would cost? Try out our instant quote generator and get the ball rolling on your first pentest.
“What sets OnSecurity apart is how flexible their platform makes pentesting. They are much less rigid around rescheduling and willing to work in small chunks during the build cycle. This ability to call on them as-and-when made them feel part of the dev team.”
Ben Francis, Head of Security & Operations
giffgaff

Frequently Asked Questions
Got a question you need answering? Hopefully our FAQs should help guide you
Do I need a penetration test?
A penetration test is the best way to know for sure if your organisation is an easy target for hackers. The test will show you both how strong your cyber defences are, but what the potential outcomes of a breach could be.
How often should my organisation perform a penetration test?
A pentest should be undertaken at least once a year, with additional tests performed after any major changes, upgrades or software patches.
How can I be sure my test is cost effective?
OnSecurity works in hours, not days, so you get a quote based on the actual time your test will take, without any padding or rounding up to the nearest day. Plus, we report as we go - so no waiting around while a tester spends days writing up a report before you can action any findings.
What’s the difference between vulnerability scanning and pentesting?
A vulnerability scan is done using an automated tool to sweep your systems for known vulnerabilities. Penetration testing is a highly skilled, manual process in which a tester finds and attempts to exploit a vulnerability.
How many scoping questions do you ask? / How do you scope a pentest?
OnSecurity requires just two simple scoping questions to determine the scale of your test. We then use an algorithm to generate you an estimated quote in just a few clicks.
Are your pentests disruptive? Can I continue working while the test is being done?
Our tests are carried out in a safe and controlled manner by experienced testers, so you can continue with work as normal. We tell you about the security issues we find in real-time, so you can fix them before criminals have a chance to exploit them.
Can I speak to my tester directly?
YES! You can chat directly to your tester in-portal or via Slack during the test.
When will I be notified of findings?
Our testers report in real time as they test, so you can get notified immediately when something is found, instead of having to wait until the test is complete and a report written up.
Do you offer free retesting?
Yes! OnSecurity will retest any findings you’ve fixed for free, just book them in directly through our Portal within 7 days of the test completion date.
How long does a pentest take?
How long a test will take will depend on the size of your target and its function. We ask 2 simple scoping questions to gauge the complexity of your environment which then informs the time we think it will take to test.
What if I need to cancel or reschedule a test?
No problem! We know that things don’t always go to plan, so we don’t charge you any fees to cancel or reschedule a test.