SQL Injection in Financial Portal
Discovered unauthenticated SQL injection in a fintech customer portal, allowing full database extraction including encrypted card data. Remediation and re-test delivered within 5 days.
EiferOne is a cybersecurity consultancy specialising in penetration testing, security audits, and compliance consulting for businesses that take security seriously.
EiferOne Ltd is a cybersecurity consultancy founded to give businesses access to the same calibre of security testing that enterprise organisations rely on — at a price point that works for growing companies.
We don't run automated scanners and call it a test. Every engagement is led by experienced security professionals who write reports you can actually act on — with clear remediation steps, business context, and compliance mapping.
Our team has conducted assessments across finance, healthcare, technology, and e-commerce sectors, working against OWASP Top 10, ISO 27001, Cyber Essentials, NIST, and PCI-DSS.
From rapid vulnerability assessments to comprehensive red team engagements — click any service to see exactly what's included and why it matters for your business.
Anonymised engagements showcasing the types of vulnerabilities we've uncovered and remediated for clients across finance, healthcare, and technology.
Internal network assessment revealed unpatched EternalBlue-vulnerable machines on clinical networks, with lateral movement paths to patient record systems.
Pre-certification audit for a Series A SaaS company identified 23 control gaps. Client achieved ISO 27001 certification within 4 months of our roadmap delivery.
A prototype of the detailed, actionable reports you receive after every EiferOne engagement. Click any section in the navigation to explore the full report structure.
EiferOne conducted a black-box web application penetration test against Client A's primary customer portal between 12–16 May 2025. The engagement identified 15 vulnerabilities across four severity levels, including three critical findings that would allow an unauthenticated attacker to extract the full customer database and bypass all authentication controls.
The most significant risk to the organisation is the combination of SQL injection vulnerabilities and a complete lack of server-side authorisation checks — both of which are exploitable without any credentials. Immediate remediation of findings EF-001 through EF-004 is strongly recommended before the application is considered fit for production traffic.
The application's WAF (Cloudflare) is effectively bypassed due to origin IP exposure, meaning none of the perimeter security controls are providing meaningful protection in the current configuration.
Testing was conducted against the URLs and IP ranges listed below, strictly within the agreed testing window of 09:00–18:00 BST. No production data was modified or exfiltrated during the engagement. All exploitation was performed against a staging environment mirroring production.
This engagement followed the OWASP Web Security Testing Guide (WSTG v4.2) and findings are scored using the CVSSv3.1 scoring system. Testing phases:
The cargaPost.php endpoint fails to sanitise user-supplied input before passing it to backend SQL queries. Injecting a SLEEP(5) payload produced a confirmed ~6 second response delay, proving server-side SQL execution.
The palabrasClave POST parameter accepts unsanitised input. Injecting ' OR '1'='1 forced a tautology, returning the full database recordset in a single XML response.
The id parameter is accepted with no authorisation check. Iterating the ID returns full user profiles including emails, phone numbers, and password hashes without authentication.
The Host header in requests causes the application to route traffic to unintended internal virtual hosts, potentially exposing staging or admin interfaces not intended to be publicly reachable.
The Server and X-Powered-By response headers disclose the exact web server version and backend framework. While not directly exploitable, this reduces the effort required for targeted attack planning.
The robots.txt file does not restrict access to backend or admin paths, making them trivially discoverable via search engine indexing or automated crawlers. While not a vulnerability, it increases passive attack surface.
Findings are prioritised by CVSSv3 score and estimated remediation effort. We recommend addressing all Critical and High findings within 72 hours of report receipt. Medium findings should be scheduled for the next release cycle.
Both SQL injection findings share the same root cause: string concatenation in database queries. Replace all instances with parameterised prepared statements:
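The concatenation pattern and its prepared-statement fix side by side, as an added example that is not code from the client's application or from EiferOne's report. It assumes PHP with PDO (the report names a .php endpoint but shows no database layer), an in-memory SQLite table called articulos with constructed rows, and a search keyed on the palabrasClave parameter; all of those names are illustrative.

```php
<?php
// Added example: the string-concatenation root cause behind the two SQL
// injection findings, beside the parameterised fix. Uses an in-memory SQLite
// database so it runs stand-alone; table, columns and rows are constructed.
declare(strict_types=1);

function buildDatabase(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articulos (id INTEGER PRIMARY KEY, titulo TEXT, publico INTEGER)');
    $insert = $db->prepare('INSERT INTO articulos (titulo, publico) VALUES (?, ?)');
    foreach ([['Tarifas 2025', 1], ['Nota interna', 0], ['Aviso clientes', 1]] as $row) {
        $insert->execute($row);
    }
    return $db;
}

// VULNERABLE: palabrasClave is concatenated straight into the query text.
// The input  ' OR '1'='1  closes the string literal and turns the WHERE clause
// into  publico = 1 AND titulo = '' OR '1'='1' , which is true for every row,
// so the non-public record comes back too.
function searchVulnerable(PDO $db, string $palabrasClave): array
{
    $sql = "SELECT titulo FROM articulos WHERE publico = 1 AND titulo = '" . $palabrasClave . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// FIXED: a prepared statement ships the query structure and the value
// separately. The same input is now only ever compared as data and cannot
// change the shape of the query.
function searchParameterised(PDO $db, string $palabrasClave): array
{
    $stmt = $db->prepare('SELECT titulo FROM articulos WHERE publico = 1 AND titulo = :kw');
    $stmt->execute([':kw' => $palabrasClave]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDatabase();
$payload = "' OR '1'='1";

// The vulnerable path returns all three rows, including 'Nota interna'.
printf("vulnerable:    %d rows\n", count(searchVulnerable($db, $payload)));
// The parameterised path returns no rows for the payload...
printf("parameterised: %d rows\n", count(searchParameterised($db, $payload)));
// ...and still works as a search: exactly one row for a real title.
printf("parameterised: %d rows for 'Tarifas 2025'\n", count(searchParameterised($db, 'Tarifas 2025')));
```

Apply the same change wherever the application builds SQL from request parameters, not only at the two endpoints named in the findings; the fix is the query shape, not the individual parameter.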
EiferOne conducted a free re-test on 28 May 2025 (9 days after report delivery) to verify remediation of all Critical and High findings. Results below.
EF-004 partial note: Cloudflare origin IP restriction was applied to port 443 only. Port 80 (HTTP) still responds directly. Client has been notified — full resolution expected within 24 hours. A final re-test confirmation will be issued at no additional charge.
The following supporting materials are included in the full report PDF delivered to the client. Contact EiferOne to request a full sample report.
// Want the full 40-page report? Contact us and we'll send a complete sample PDF — no obligations.
Security is not a commodity. A flat-rate price tag often means rushed, automated scans. At EiferOne, we price every engagement based on the actual complexity and attack surface of your architecture — so you pay for what you need, and nothing you don't.
We define the boundaries of the engagement — what is in scope and, critically, what is explicitly out of scope. This protects you legally and ensures efficient use of testing time.
The technology stack dictates the time required for deep, manual testing. Automated tools miss business logic flaws — experienced testers don't.
We establish a safe testing environment, agree liability boundaries, and document safe exploitation parameters — standard concerns for any CTO engaging an external security team.
Once we understand your architecture, we produce a transparent, fixed-price Statement of Work with a guaranteed timeline. No hidden fees. No scope creep. No surprises on invoice day.
Fill in the form below — the more detail you provide, the more accurate your quote will be. We respond within 24 hours with a clear scope document and fixed price. No sales calls, no obligations.
Security cannot be commoditised into a shopping cart. These tiers show you the floor — final pricing is scoped to your actual architecture, endpoints, and user roles. Every engagement includes a detailed findings report, compliance mapping, and free re-testing.
All prices shown are starting points. A "web application" could be a three-page brochure site or a containerised Node.js platform with hundreds of API endpoints and complex role hierarchies. We scope every engagement individually so you pay for what your architecture actually requires — not a flat rate that penalises simple projects or loses money on complex ones.
The £499 and £1,499 figures are the floor, not the ceiling. Final pricing is always fixed and agreed in writing before work begins — based on three factors:
A static 10-page site takes a fraction of the time to assess compared to a platform with 200 authenticated API endpoints. The more dynamic surface area, the deeper and longer the engagement needs to be.
Business logic flaws and authorisation bypass vulnerabilities require testing every distinct privilege level — unauthenticated, standard user, admin, super-admin. More roles means more test cases and more time.
A containerised microservices environment, a legacy monolith, and a modern Next.js SaaS platform are not the same job. Tech stack, deployment model, and third-party integrations all affect scope depth.
Not sure which tier fits? Use the scope request form above — give us your URLs, rough endpoint count, and number of user roles, and we'll come back with a fixed-price quote within 24 hours. No obligations.
Penetration testing is a simulated cyberattack by security professionals to find exploitable vulnerabilities before real attackers can. It is required evidence for Cyber Essentials Plus, ISO 27001, SOC 2, and PCI-DSS compliance, and is increasingly expected by enterprise customers and cyber insurers as a condition of doing business.
Before any engagement begins, we agree a formal Statement of Work that defines exactly what we are authorised to test, what we will not attempt, and what constitutes a safe exploitation threshold (for example, we prove SQL injection exists without dumping live customer data). All testing is bounded by written, signed Rules of Engagement — protecting you legally and ensuring zero unplanned disruption to your services.
Yes. EiferOne Ltd carries professional indemnity and cyber liability insurance. Certificates of insurance are available on request prior to engagement. If your procurement team or legal counsel require specific coverage limits, please raise this during scoping and we will accommodate where possible.
A focused web application test takes 3–5 business days. A full infrastructure assessment or ISO 27001 gap analysis typically takes 5–10 business days. We provide a fixed, guaranteed timeline in the Statement of Work before any work begins — you will never receive a surprise mid-engagement scope extension.
The free overview covers SSL/TLS configuration, HTTP security headers, technology stack fingerprinting, DNS configuration checks, and obvious surface-level misconfigurations. Delivered within 24 hours, completely free, with no commitment required. It gives you an honest baseline before deciding whether a full engagement is right for you.
In the vast majority of cases, no. We use targeted, controlled techniques and agree safe exploitation boundaries upfront. Out-of-hours testing windows are available for production environments or sensitive infrastructure where any risk of impact is unacceptable. We strongly recommend staging environments for the most aggressive testing phases.
We test against and map findings to: OWASP Top 10, OWASP API Top 10, OWASP WSTG, NIST CSF, CIS Benchmarks, ISO/IEC 27001, Cyber Essentials and Cyber Essentials Plus, SOC 2, and PCI-DSS. If your target framework is not listed, ask us — we work across a broad range of international standards.
Absolutely. Our Essential Audit starting at £499 was designed specifically for SMEs and funded startups who need professional security testing without a large enterprise budget. Final pricing is scoped to your actual architecture — simple sites stay close to that floor. We give the same quality of work and report format regardless of engagement size.
Whether you need a quick website overview or a comprehensive penetration test, we'll give you honest advice and a fixed quote — no pushy sales calls, no obligation.
30 minutes with our lead analyst — no sales pitch, just an honest look at your security posture and what makes sense for your architecture and budget.