
Full Audit

$3,999. 2–3 days turnaround.

Everything, including your source code.

Requires codebase access (git repository or file transfer)

What's included

Source code review

Systematic review of your entire codebase: hardcoded credentials, SQL injection patterns, authentication and session management, authorisation gaps, XSS vectors, CSRF protection, file upload security, command injection, dependency audit.

Credential audit

Every secret in the codebase collected, classified by severity, and assessed. Hardcoded passwords, API keys, JWT secrets, database connection strings. Credential reuse testing and rotation recommendations.

Compliance readiness

CCPA: applicability, statutory damages calculation, required mechanisms. GDPR: lawful basis, privacy notices, breach notification. PCI DSS: cardholder data storage, encryption. This is a readiness assessment — we identify gaps and explain consequences.

Comprehensive report with compliance context

A 25–50 page report with everything from the Security Assessment plus source code findings, credential audit results, and compliance gap analysis with statutory context (potential fines, liability per record). Separate technical appendix for your dev team.

Full feature list

  • Everything in Security Assessment
  • Source code review
  • Credential audit
  • CCPA, GDPR, PCI DSS gap analysis
  • Comprehensive report (25–50 pages)
  • Compliance exposure analysis
  • Full remediation roadmap

Need more? Want a codebase health assessment on top? The Complete Package adds architecture review, modernisation roadmap, and saves you money.


Built your app with AI? Cursor, Copilot, v0, Bolt, Lovable, Replit — we have a dedicated assessment for AI-built apps.


How we test

The Full Audit includes 7 methodology phases. Each phase follows the OWASP Testing Guide.

1. External Surface Analysis

URL discovery, sensitive files, authentication testing, security headers, SSL/TLS, server disclosure, CORS, API endpoint discovery.

2. Source Code Review

Hardcoded credentials, SQL injection patterns, authentication and session management, authorisation, XSS, CSRF, file upload security, command injection, dependency audit.

3. Live Exploitation

Read-only live testing proving vulnerabilities with real data. SQL injection, authentication bypass, IDOR, API parameter tampering, attack chain construction.

4. PII Enumeration

Customer records, employee records, payment data, data freshness, record counts.

5. Credential Audit

Every secret collected and classified. Credential reuse, password quality, rotation recommendations with priority.

6. File & Document Exposure

Directory listings, CSV/Excel exports, PDFs, images, scanned documents, backup files, log files.

7. Compliance Readiness

CCPA, GDPR, PCI DSS gap analysis with statutory damages context and required mechanisms.

The report

25–50 pages. Plain English. Written so your CEO can read it.

  • Everything in the Security Assessment report
  • Source code findings with code-level remediation guidance
  • Credential audit results with severity classification
  • Compliance readiness section (CCPA/GDPR/PCI DSS gap analysis)
  • Statutory context — potential fines, liability per record, notification obligations
  • Separate technical appendix for your development team

How this compares

A traditional security firm charges $35,000–$55,000 for equivalent work and takes 3–4 weeks. Our Full Audit delivers the same scope in 2–3 days.

Have a question?

Ask anything about the service — pricing, methodology, report format, or which tier is right for you.


Ready to start?

Full Audit: $3,999. 2–3 days turnaround. Buy online, we start within 24 hours.
