Our Features

How It Works

Subscribe & Register

Subscribe to our service that allows you to initiate pentesting on your website, application, network or cloud infrastructure.

Provide Target Details

Tell us more about the target website, application and/or infrastructure.

Digitally Sign an Authority Letter

Authorize us so we can legally perform security testing on the target system.

Initiate Testing

Initiate your security testing whenever you’re ready.

Consultant Grade Testing

A key differentiator from any other product: we offer manual penetration testing and verification of findings, including false positive removal.

Track, Download & Manage

An OWASP-compliant report shows you what can be exploited, the severity of each issue, a proof-of-concept and how to remediate. Manage your vulnerabilities across all your assets in a single pane, including marking them as Open, Closed, Accepted, etc. for vulnerability management.



  • Fit for infrastructure or a hosting server
  • On-Demand Vulnerability Scanning
  • Network Layer Testing
  • False Positive Elimination
  • Up to 10 public IP addresses
  • Retest at your disposal
  • Custom Report

Basic Webapp

  • Fit for brochureware and/or static applications
  • Unauthenticated Black Box Testing
  • On-Demand Application Security Scanning
  • Checks for webapp vulnerabilities such as SQLi, cross-site scripting in unauthenticated areas
  • Manual testing & validation of vulnerabilities
  • Retest or feature testing at a flat one-time fee
  • Custom Report

Business Webapp

  • Fit for business applications
  • On-Demand Application Security Scanning
  • Everything in Modern app
  • Access Control checks including privilege escalation
  • Up to two user roles
  • One retest included
  • Additional retest or feature testing at a flat one-time fee

Got an Enterprise app?

Get in touch to explore our pricing plans

Meet Our Team

We are a highly passionate team built on 25+ years of security experience, trust and transparency. We treat quality and professionalism above everything.

Graeme Neilson
Advisor Board Member
Ex-Chief Research Officer, Redshield, Security Researcher

Emmanuel Law
Advisor Board Member
Ex-Google, Security Researcher

Nilesh Kapoor
Founder & CEO
CREST CRT, CPSA, CISSP, Security Researcher

Anuj Agarwal
Head of Engineering
Ex-Cadence Design Systems, Amdocs

Frequently Asked Questions

What is the turnaround time for infrastructure and webapp testing?

In most cases the infrastructure report is delivered within 24 hours and the webapp report takes 2-5 working days depending on the complexity of the application and the plan you have picked.

What does the report include?

The report includes vulnerability details, severity ratings, steps to reproduce and recommendations for your team. Our reports are OWASP-compliant and comparable to any other penetration test report.

Will I be able to communicate with a pen tester?

A pen tester is assigned to your job when you subscribe and digitally sign an authorisation letter with us. You can reach out to your assigned pen tester anytime during the assessment period or reach us anytime at [email protected].

What does the pricing structure look like for one-off or multiple rounds of testing for the same target?

Our flat fee structure is for one-off testing only, with the exception of another retest in the Business plan. You can request additional testing on the same or a different target anytime from your Blacklock account.

Our organisation has multiple applications. Can you help?

Absolutely. Blacklock is a scalable service that allows you to manage all your security testing needs in a single pane. Get in touch for a demo and to explore our multiple-application pricing plans.

Can I cancel my scan after subscription?

The scan initiates only after you have digitally signed an authorisation letter. You can cancel any time before you sign an authorisation letter.

Our Blog


Keeping up with the best at the CHCon Hacker Conference

Blacklock Security Nov. 11, 2021

Purple Teams, cables and continuous assurance; CHCon took place on November 5-6 in Christchurch in the historic Main Hall at the Arts Centre heritage site. Blacklock was proud to be a Bronze spons…


Agile Penetration Testing: What, Why & How?

Blacklock Security Oct. 29, 2021

Agile methodologies in software development have accelerated in recent years, helping businesses provide value to customers much faster. This approach takes an interactive approach to software dev…


PTaaS and Its End-User Benefits

Blacklock Security Sept. 20, 2021

Digitalisation has made many businesses adopt new technologies at an ever-increasing rate. The change to agile approaches has been central to all this, as they enabl…

About Us

Our mission is to bridge the gap between automated and manual penetration testing – with automation.


Blacklock is a Penetration Testing as a Service (PTaaS) offering that automates the discovery of security vulnerabilities in your Internet-facing assets and lets you manage them from a single pane of glass. We love to make security simpler, practical and approachable.

As penetration testing experts ourselves, we’ve felt how complex it is to get security testing completed and then continuously manage the vulnerabilities, penetration testing reports, recurring tests and their reports – it just becomes more complex, expensive and unmanageable over time. Our team has built a new way to do security right!

Blacklock is a service of “Security Simplified Limited”, a boutique penetration testing services company specialising in web application security, infrastructure security, mobile security, secure by design, IT security training and advanced offensive/defensive security services.

Contact Us

Level 7, 101 Molesworth Street,
Thorndon Wellington 6011
New Zealand
