Security Audits
Security reviews that find real vulnerabilities in real applications — done by someone who builds the kind of software being audited.
Application Security Review
Manual code review looking for injection vulnerabilities, broken auth, insecure deserialization, and OWASP Top 10 issues in your codebase.
Dependency Auditing
Scanning and triaging vulnerable dependencies — not just running npm audit, but understanding which CVEs actually matter for your threat model.
API Security Testing
Auth bypass, IDOR, rate limiting gaps, and over-permissive endpoints. Testing the API the way an attacker would, not the way the docs say it works.
Infrastructure Review
Reviewing cloud configs for public S3 buckets, overly permissive IAM roles, exposed ports, and missing encryption at rest and in transit.
Security Report & Remediation
A clear, prioritized report with severity ratings, reproduction steps, and specific remediation guidance — not vague recommendations.