
PTRG v0.7.3 — From Discovery Call to Signed SOW in Six Steps (17 May 2026)

Updated: May 25


By DNSystemsLLC (dnsystemsllc.com/contact)


Are you losing prospects between “yes, please pentest us” and “here is the signed SOW”?


Not because the technical work is hard, but because the paperwork phase turns into a seventeen-email scavenger hunt. Each email is a chance for the prospect to ghost. In our own experience, we estimate that roughly thirty percent of pipelines die between the free discovery call and the kickoff meeting, purely because of paperwork latency.


This is why DNSystems LLC built the entire pre-engagement phase as a public, self-serve flow.


It lives at /new-client. Six steps. Total time from discovery-call-end to test-ready: a target of fourteen days, with no human-in-the-loop required for paperwork.



  1. Step one is the free discovery call. Fifteen to thirty minutes, booked through MailerLite. Tell us what you want pentested. Zero commitment.


  2. Step two is the Pre-Engagement Acknowledgment. One page. Cryptographically signed in your browser. Three explicit attestations: you agree to the document in its entirety, you agree the fees are non-refundable, and you agree to the no-chargeback clause. We render a PDF, sha256-hash it, and email you a copy immediately via Resend. No DocuSign account required. Two minutes.


  3. Step three is paying the $1,500 Engagement Prep Fee plus a $250 Retainer. Stripe checkout, automatically audit-linked to your signed acknowledgment from step two—meaning the receipt PDF you get back has the acknowledgment envelope ID printed on it, and our internal records show one continuous audit trail from “prospect signed legal doc” through “Stripe charged successfully” through “engagement record created in PTRG.”


  4. Step four is the paid one-on-one consultation. $150 via MailerLite. Sixty minutes with our principal pentester. We co-author your Statement of Work live on the call.


  5. Step five is signing the SOW in PTRG. No external email back-and-forth. Once both parties sign in the portal, your engagement transitions from “prospect” to “draft” status and your test window goes on the calendar.


  6. Step six is the post-SOW kickoff meeting. Free, included in the prep fee. We validate scope one last time, swap credentials into the encrypted vault, lock the Rules of Engagement, and turn the lights on for testing.



Why did we build the e-signature from scratch instead of using DocuSign? Three reasons.


  1. First, $35 per user per month is real money when you’re issuing ten of these per quarter.


  2. Second, our cryptographic primitives are sound—sha256 over canonical JSON of the document content plus signer identity plus the typed signature plus all three attestation booleans, meaning tampering with any field changes the hash, and the hash is printed on the resulting PDF. ESIGN Act of 2000 compliance is achieved with typed signature plus explicit intent attestation plus a retained record.


  3. Third, we don’t ship our client list to a third-party vendor.
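The hashing scheme from the second reason, sketched as an added example (this is not PTRG's code). The field names, the attestation keys, the sorted-key canonical form and the NFC normalisation are all assumptions; the page only says the hash covers document content, signer identity, typed signature and the three attestation booleans.

```python
import hashlib
import hmac
import json
import unicodedata

# Hypothetical names for the three attestations listed in step two.
ATTESTATIONS = ("agree_entire_document", "fees_non_refundable", "no_chargeback")


def canonical_json(obj) -> bytes:
    """Deterministic bytes: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")


def _nfc(text: str) -> str:
    # Normalise Unicode so visually identical names hash identically.
    return unicodedata.normalize("NFC", text.strip())


def build_envelope(document, signer, typed_signature, attestations) -> dict:
    # Refuse to sign unless every attestation is explicitly True.
    missing = [a for a in ATTESTATIONS if attestations.get(a) is not True]
    if missing:
        raise ValueError(f"attestations not affirmed: {missing}")
    record = {
        "document": _nfc(document),
        "signer": {k: _nfc(v) for k, v in signer.items()},
        "typed_signature": _nfc(typed_signature),
        "attestations": {a: True for a in ATTESTATIONS},
    }
    digest = hashlib.sha256(canonical_json(record)).hexdigest()
    return {"record": record, "sha256": digest}


def verify_envelope(envelope: dict) -> bool:
    """Recompute the hash from the retained record; compare in constant time."""
    expected = hashlib.sha256(canonical_json(envelope["record"])).hexdigest()
    return hmac.compare_digest(expected, envelope["sha256"])


# Constructed sample input.
SAMPLE = build_envelope(
    document="Pre-Engagement Acknowledgment (constructed sample text)",
    signer={"company": "Example Co", "name": "Ada Example", "email": "ada@example.com"},
    typed_signature="Ada Example",
    attestations={a: True for a in ATTESTATIONS},
)
```

A bare hash only proves integrity against a copy of the hash that the other party also holds, which is what the emailed PDF with the printed hash provides.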


The Pre-Engagement Acknowledgment form was deliberately designed so that real edge cases work. Solo developers testing their SaaS pre-launch. Bug bounty researchers with no LLC. Pre-incorporation founders. Nonprofits. Academic research groups. Only three fields are truly required—your company name (or your full name if no entity), your signer name, and your email. State of formation, entity type, and signer title are all optional. The form clearly labels which is which.


Also new in this release: a Personal Docs Vault on the My Docs page. Every PTRG user gets their own AES-256-GCM encrypted PDF locker for their own legal templates—Rules of Engagement, SOWs, NDAs, MSAs, insurance certificates, anything PDF. Tier-gated quotas: trial users get three files totaling thirty megabytes, the Pentester tier gets ten files at one hundred megabytes, and Engage Plus, Squadron, and Command users get fifty files at five hundred megabytes. Magic-byte checked, ClamAV scanned, encrypted at rest with a key derived from our platform-level secret. AES round-trip verified—sha256 of decrypted bytes matches the uploaded original byte for byte. If a client gives you their own NDA template, you no longer need to email it to yourself or stash it in Dropbox. Upload it once. PTRG keeps it encrypted next to their signed engagement docs.
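An added sketch of the vault's encrypt-and-verify path described above (not PTRG's code), using the Python `cryptography` package. The HKDF per-user derivation, the `user_id`/`filename` associated data and all function names are assumptions; ClamAV scanning and tier quotas are left out.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

PDF_MAGIC = b"%PDF-"


def derive_key(platform_secret: bytes, user_id: str) -> bytes:
    """256-bit per-user key from the platform secret (HKDF-SHA256, assumed)."""
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"docs-vault:" + user_id.encode()).derive(platform_secret)


def open_pdf(platform_secret: bytes, user_id: str, filename: str, blob: bytes) -> bytes:
    key = derive_key(platform_secret, user_id)
    nonce, ciphertext = blob[:12], blob[12:]
    aad = f"{user_id}/{filename}".encode()
    return AESGCM(key).decrypt(nonce, ciphertext, aad)  # raises InvalidTag


def seal_pdf(platform_secret: bytes, user_id: str, filename: str, data: bytes) -> dict:
    # Magic-byte check: trust the content, not the extension or MIME type.
    if not data.startswith(PDF_MAGIC):
        raise ValueError("not a PDF: magic bytes missing")
    key = derive_key(platform_secret, user_id)
    nonce = os.urandom(12)  # 96-bit nonce, fresh per file
    aad = f"{user_id}/{filename}".encode()  # binds blob to owner and name
    blob = nonce + AESGCM(key).encrypt(nonce, data, aad)
    digest = hashlib.sha256(data).hexdigest()
    # Round-trip check before the plaintext is discarded.
    restored = open_pdf(platform_secret, user_id, filename, blob)
    if hashlib.sha256(restored).hexdigest() != digest:
        raise RuntimeError("round-trip verification failed")
    return {"blob": blob, "sha256": digest}


def is_tampered(platform_secret: bytes, user_id: str, filename: str, blob: bytes) -> bool:
    """True when the GCM tag fails: modified bytes, wrong owner or wrong name."""
    try:
        open_pdf(platform_secret, user_id, filename, blob)
        return False
    except InvalidTag:
        return True
```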


A separate quality-of-life fix on the operator side: the per-engagement-row action buttons used to be one ambiguous “Generate” button that both produced the report bundle and opened the email-to-client dialog. Operators kept hitting it expecting a preview refresh, then panicking when an email dialog popped up. Now there are two distinct buttons. The first generates the full report bundle—PDF report plus Beamer slide-deck PDF plus findings CSV plus, depending on your tier, DOCX and SARIF exports—and archives the bundle under a new Report Number. No email is sent. The second button opens the email-to-client dialog with the contact pre-filled and the prior bundle’s encrypted PDF attached. Two clicks instead of one, but zero ambiguity, zero accidental sends.


We also baked a “REPORT INCOMPLETE” diagonal red watermark into every PDF generated from an engagement in draft or in-progress status. The watermark disappears the moment the engagement flips to completed or delivered—our auto-regenerate hook re-renders a clean copy and replaces the watermarked one in the bundle. Why does this matter? A partially-completed report PDF accidentally emailed or screen-shared to a client, or worse to a stakeholder or a sales prospect, is exactly the kind of trust-incinerating mistake that ends a consultancy.


The last few production fixes are worth mentioning briefly. A Content-Security-Policy adjustment to allow blob: URLs in connect-src, which had been quietly blocking the secure PDF viewer with a misleading “Unexpected server response (0)” error. A sandbox-skip path on the deliver-report endpoint so the guided tour can demonstrate the Completed-to-Delivered status flip without a real Resend key. A clipboard fallback on the vault-password copy buttons so they work on browsers that block the Clipboard API.


Compliance progress: DNSystems is now ESIGN Act compliant, our CSP is hardened with no unsafe-eval and no wildcard connect-src, all passwords use Argon2id with bcrypt fully purged, MFA secrets and personal documents are encrypted at rest with AES-256-GCM, and engagement bundles use qpdf AES-256. CSA STAR Level 1 self-assessment is in progress. SOC 2 Type One preparation is backlogged for Q2 2026.
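A regression check for the CSP properties named in the two paragraphs above (blob: allowed in connect-src, no unsafe-eval, no wildcard connect-src), added here as an example and not PTRG's own code. The policy strings are constructed samples, since the page does not show the real header.

```python
def parse_csp(header: str) -> dict:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers; the first one wins.
        policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_csp(header: str) -> list:
    """Return a list of issues; an empty list means all three checks pass."""
    policy = parse_csp(header)
    issues = []
    for name, sources in policy.items():
        if "'unsafe-eval'" in sources:
            issues.append(f"{name} allows 'unsafe-eval'")
    # connect-src falls back to default-src when it is absent.
    connect = policy.get("connect-src", policy.get("default-src"))
    if connect is None:
        issues.append("connect-src unrestricted (no connect-src or default-src)")
        return issues
    if "*" in connect:
        issues.append("connect-src contains wildcard *")
    # The bare * source does not match blob: URLs, so blob: must be listed.
    if "blob:" not in connect:
        issues.append("connect-src lacks blob: (PDF viewer fetches are blocked)")
    return issues


# Constructed sample policies.
HARDENED = "default-src 'self'; script-src 'self'; connect-src 'self' blob:"
PRE_FIX = "default-src 'self'; script-src 'self'; connect-src 'self'"
WEAK = "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *"
```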



Try PTRG v0.7.3 today at ptrg.dnsystemsllc.com. New prospect? Walk through the six steps at ptrg.dnsystemsllc.com/new-client. Questions or feature requests, email dns@dnsystemsllc.com.



PTRG. Built by pentesters, for pentesters.


— DNSystems LLC · 17 May 2026


 
 
 
