Skip to content

Free Website Pentesting
amid COVID-19

To help organizations fighting the COVID-19 outbreak keep their websites secure,
we are offering limited free penetration testing services.

  • One free website security assessment per qualifying organization
  • Semi-automated, performed by our Security Team
  • Manually reviewed results and recommendations for improvement
REQUEST A FREE PENTEST See sample report
Free Web App Penetration Testing

Why we're doing this

The COVID-19 pandemic is pushing the limits of hospital and medical systems worldwide. But they're not the only ones stretching their boundaries. Food delivery operators, news agencies, government entities, and others are also in the first line of action. Exploiting fear and confusion, cybercriminals are ramping up their malicious operations, going as far as targeting hospitals and other vulnerable organizations.

Our top priority is helping our customers become resilient against cyber attacks, even more so in critical times. That's why we decided to provide FREE WEBSITE PENTESTING SERVICES for a limited time only. This is our way of helping struggling organizations keep their websites resilient and dependable, so they can continue to serve their customers and community.


Customer Satisfaction


Years of Experience


Satisfied Customers


Certified Experts

Your top questions, answered

How do I start?

If you work in an organization that is involved in fighting the COVID-19 pandemic and you want a free assessment of your website security, submit a pentest request here. Please explain your situation and how your organization is involved in handling this crisis.

How do you prioritize pentest requests?

For qualifying organizations, we will perform the tests in a FIFO approach (first come, first served). However, we reserve the right to re-prioritize on a case-by-case basis, according to the specific situation.

How do I know if I've been selected?

You'll get an email from us to let you know if you’ve qualified for a free website penetration test. We’ll also include details about your current position on the waitlist.

How do I know when the pentest has started?

You'll receive an email from us once we start testing your website. You will also be notified when we’ve finished the pentest.

How do you perform the test?

This is a semi-automated assessment and it leverages the tools from After running your website through a set of tools with dedicated configurations, we will manually review the results, validate the most relevant findings, and exclude false positives. We then assemble the valid findings into a report (also created through our platform) and email it to you promptly.

How long does the test take?

This semi-automated pentest usually takes up to 1 day but it can be extended to 2 days, according to the availability of our resources.

Who performs these tests?

The penetration testers on our team are some of the best in the industry. Besides their extensive experience, they also have the following certifications:

What does the report include?

Once we wrap up the test, we'll send you a PDF report with all the information you need to understand, reproduce, and fix your most dangerous website vulnerabilities. Here's what a report looks like.

What approvals do I need?

You need to have explicit authorization from the owner of the website so we can test it for you. If you're using a shared hosting or managed service (e.g. Amazon, Azure, etc.), you need to get explicit permission for the test. We recommend either obtaining this through a clear, specific email or an electronically signed PDF document. We don't need this document ourselves but you will, so it's important to have it prior to applying for a free pentest.

Will my website work as usual while you test it?

The tests that we perform are properly calibrated to not impact how your website works. However, you should know there is always a small risk of something going wrong (usually from the server side). That's why we strongly reccomend you have a working backup of your website before we start the test. What's more, if you observe any weird behavior of your website during the test, please let us know right away and we will immediately pause or stop our assessment.

How can I contact you directly?

Please use this contact form to ask additional questions. We're here to respond and provide any details you may need.

What our pentest report includes

Pentest Report
Pentest Report
Pentest Report
Pentest Report

Report structure

What our customers say about

Charles A. Christenson

“NextWave has relied on for several years now. I’ve tried some of the other pentest systems, but none have the exceptional breadth of quality tools AND reasonable pricing we can afford. This makes a core part of our company’s network security offering. I highly recommend Pentest-Tools.”

Charles A. Christenson

President at NextWave Consulting, Inc.

Paul Liebregts

“Qcast is keen on using because it provides a complete and easy to use in-depth analysis of our public web applications. With it we were able to check for vulnerabilities and stay secure.”

Paul Liebregts

Technical Director at Qcast

Kevin "Bao" Huynh

“We have been using for several years. It is one of those tools that any business owner or manager without technical knowledge can run to get a complete “health” picture of their site. We were able to fix many issues and stay ahead of any bad things that might happen to our website.”

Kevin "Bao" Huynh

President at The Nail Superstore

Request a free website pentest amid COVID-19

Please use the form below to submit your request. We will email you shortly and let you know if you qualify for a free penetration test and what the estimated time of execution is.


Client Requirements:

  • Please use your company email. We will only test websites owned by your company.
  • By submitting this form you explicitly confirm you have permission to perform a penetration test against the target system.
  • If the system is on a shared web hosting (or is a managed service), you need to have explicit permission from the provider of the service.
  • We strongly recommend you have a working backup of the target system. While the chance of anything bad happening is very low, you should know that penetration testing is inherently intrusive and there is a chance that the target system could be negatively impacted by the assessment.


  • You will receive the penetration testing report via email once we finish the test.
  • The report includes manually verified findings and recommendations for fixing the vulnerabilities.
  • Clarifying questions may be conducted via email.