Security Assessment Methodology
8 phases. OWASP-aligned. Same rigour as traditional firms — delivered in days, not weeks.
Process timeline
From purchase to report in days, not weeks. Here's exactly what happens at each stage.
Purchase
Choose your tier and complete payment via Stripe. You'll receive a confirmation email with your engagement letter and authorisation form.
Authorisation
Sign and return the authorisation form. This is a legal requirement — no testing begins without written permission. For Full Audit, provide codebase access.
Intake
We confirm scope (your domain and any specific areas of concern), set up secure communication, and schedule testing to begin within 24 hours.
Testing
AI-assisted analysis systematically tests every publicly accessible endpoint. For deeper tiers, live exploitation proves vulnerabilities with real data (read-only). Source code review runs in parallel for Full Audit.
Report
Plain-English report delivered via secure, expiring link. Every finding includes real evidence, business impact, and specific remediation steps. Prioritised so you know what to fix first.
Walkthrough
Free 30-minute walkthrough call included with all tiers. We walk through every finding, answer questions, and help you plan remediation. Optional but recommended.
Timing varies by tier. Quick Scan: typically same day. Security Assessment: 1–2 days. Full Audit: 2–3 days. Complete Package: 3–5 days.
Test coverage by tier
Based on the OWASP Top 10 and extended with PII-specific and compliance checks. Higher tiers include everything below them.
- Broken Access Control
- Cryptographic Failures
- Injection (SQLi, XSS, etc.)
- Insecure Design
- Security Misconfiguration
- Vulnerable Components
- Authentication Failures
- Data Integrity Failures
- Logging & Monitoring Gaps
- Server-Side Request Forgery
- PII & Document Exposure
- Compliance Readiness (CCPA/GDPR/PCI)
8-phase methodology
Our assessment follows a systematic methodology. Which phases are included depends on the tier you choose.
Additional services
Available alongside any tier, or as standalone engagements.
Codebase Health Assessment
standalone, or +$2,499 as add-on to any tier
A pure engineering review — no security testing. Understand the state of your codebase and get a clear modernisation plan.
- Tech stack identification with version and EOL status for every dependency
- Code quality metrics: file counts, duplication, complexity, test coverage, dead code
- Architecture assessment: structure, separation of concerns, database access patterns
- Database schema, indexing, and migration health
- Build and deployment pipeline assessment
- 2–3 modernisation options (incremental / partial rewrite / full rebuild) with cost ranges
- Prioritised roadmap: immediate, short-term, medium-term, long-term
Remediation Retesting
available after any assessment
After you've fixed the issues we found, we retest to confirm they're properly resolved. Get an updated report you can share with auditors, clients, or insurers.
- Re-test every finding from the original report
- Confirm which findings are resolved and which remain open
- Updated report with resolution status for each finding
- Suitable for sharing with auditors, insurers, or clients as evidence of remediation