Pentest's Agile Development Testing Service is a penetration testing offering designed to integrate with agile and DevOps development workflows. Unlike traditional end-of-lifecycle penetration testing, this service targets specific application updates or new features on an ad-hoc basis, allowing security testing to occur throughout the development process. The service is conducted manually by employed security consultants and is scoped per engagement based on client requirements. Testing areas include: - Security configuration and authentication mechanisms - Application functionality, technology, and data flow - Susceptibility to XSS, SQL injection, and other injection-based attacks - Data transfer security, password handling, and sensitive data storage - Logic flaws such as access control and broken authorisation - OWASP Top 10 vulnerabilities The engagement process consists of four stages: 1. Requirements gathering and bespoke scoping 2. Manual, expert-led testing 3. Tailored reporting with remediation advice, delivered via ticketing systems or communication platforms such as Slack 4. Post-test support including fix checks and additional documentation Findings can be delivered through a ticketing system or directly over a Slack channel, accommodating fast-moving development teams. The service is positioned as a complement to annual full-application penetration tests rather than a replacement.