Most popular

Security Assessment

$1,999. 1–2 days turnaround.

Real proof, not theoretical risks.

What's included

Live exploitation with real data

We don't just tell you there's a vulnerability — we prove it. SQL injection returns actual payment records. Unauthenticated endpoints return real customer data. All read-only, all documented with evidence.

PII enumeration

We identify exactly which personal data is accessible: customer names, addresses, phone numbers, emails, dates of birth, employee records, payment data. How many records, how recent, how easy to extract.

File and document exposure

CSV exports, PDF documents, scanned invoices, backup files — we find files sitting in publicly accessible directories and assess the PII they contain.

Attack chain demonstration

Individual weaknesses are concerning. But when they chain together — an exposed endpoint leading to database access leading to credential extraction — the risk multiplies. We map these chains.

Executive report with evidence tables

A 10–25 page report with executive summary, detailed findings with real evidence (tables of extracted data, exact URLs), data exposure summary with record counts, and a prioritised remediation plan.

Full feature list

  • Everything in Quick Scan
  • Live exploitation with real data proof
  • PII enumeration — which records are exposed
  • File and document exposure
  • Attack chain demonstration
  • Executive report (10–25 pages)
  • Prioritised remediation plan

Need more? Need source code review and compliance analysis? The Full Audit adds code-level findings and CCPA/GDPR/PCI DSS gap analysis.


Built your app with AI? Cursor, Copilot, v0, Bolt, Lovable, Replit — we have a dedicated assessment for AI-built apps.


How we test

The Security Assessment includes 4 methodology phases. Each phase follows the OWASP Testing Guide.

1. External Surface Analysis

URL discovery, sensitive files, authentication testing, security headers, SSL/TLS, server disclosure, CORS, API endpoint discovery.

2. Live Exploitation

Read-only live testing proving vulnerabilities with real data. SQL injection, authentication bypass, IDOR, API parameter tampering, attack chain construction.

3. PII Enumeration

Customer records, employee records, payment data, data freshness, record counts. All PII redacted in reports.

4. File & Document Exposure

Directory listings, CSV/Excel exports, PDFs, images, scanned documents, backup files, log files. PII content assessment.

The report

10–25 pages. Plain English. Written so your CEO can read it.

  • Executive summary with overall risk rating
  • Findings summary table (severity, category, status)
  • Detailed findings with real evidence — tables of extracted data, URLs, screenshots
  • Attack chain analysis showing how weaknesses combine
  • Data exposure summary with record counts
  • Prioritised remediation plan (do today / this week / this month)
  • Methodology appendix

How this compares

A traditional security firm charges $20,000–$35,000 for equivalent work and takes 2–3 weeks. Our Security Assessment delivers the same depth of analysis in 1–2 days.

Have a question?

Ask anything about the service — pricing, methodology, report format, or which tier is right for you.


Ready to start?

Security Assessment: $1,999. 1–2 days turnaround. Buy online, we start within 24 hours.
