Circlete delivers adversary-grade penetration testing — uncovering hidden vulnerabilities in your networks, web applications, and APIs before they become headlines.
From an entry-level health check to full adversary simulation — we meet you where you are and take you where you need to be.
Not sure where your security stands? The Health Check is our structured entry engagement — a rapid, non-intrusive review of your external exposure, cloud configuration, and dark web footprint. You receive a prioritised risk report and a 30-day improvement plan your team can act on immediately, without needing a full penetration test.
Request a Health CheckSimulate insider threats and post-breach lateral movement across your entire internal infrastructure. We map your AD, enumerate misconfigurations, and escalate privilege — exactly as a real attacker would.
Manual-first, OWASP Top 10 and beyond. We go deeper than automated scanners — chaining business logic flaws, authentication bypasses, and injection vulnerabilities into real-world exploit paths.
Modern apps live and die by their APIs. We test REST, GraphQL, and SOAP endpoints against OWASP API Top 10 — from broken object-level authorization to mass assignment and beyond.
Alongside our offensive security practice, we build custom software solutions for clients who need more than a report — they need a working system.
Knottinger Limited is a Leeds, UK-based brand celebrating colour, craftsmanship and creative expression, and the concept store behind more than 40 independent makers. We designed and built a sales and finance management dashboard that lets Knottinger import sales and commission data directly from their POS systems, then view consolidated statistics on product performance and creator payouts in one place.
Because the store represents dozens of independent makers rather than a single seller, the platform was architected with multi-tenancy at its core — Knottinger can grant each individual creator their own login to view exactly their own sales and commission figures, without visibility into other makers' data. The system follows a multi-tier architecture, with an isolated backend, a dedicated business logic tier, and a separate internet-facing consumer interface, keeping sensitive data and processing away from the public-facing layer.
Circlete was built by practitioners who spent years on both sides of the perimeter. We are a Managed Security Services Provider focused exclusively on offensive security — delivering penetration testing engagements that go beyond checkbox compliance and into real adversarial simulation.
Every engagement is led by a senior consultant. No junior-only teams. No fully automated reports dressed up as manual testing. When we find a vulnerability, we demonstrate its real-world impact — chaining findings into attack paths that tell your board exactly what an attacker would do.
We work with SMEs, fintechs, healthcare providers, and enterprise clients across Sri Lanka and beyond — organizations that cannot afford a breach and demand assurance they can act on. Our deliverables are built for two audiences: your technical team who will fix the issues, and your leadership who needs to understand the risk.
The name Circlete reflects a core belief: security is not a one-time audit. It is a continuous loop — assess, defend, reassess. We partner with clients across that entire cycle.
Ready to know what an attacker would find? Reach out for a scoping call. No obligation, no boilerplate pitch — just a direct conversation about your exposure.