Application security assessment

Application testing is our core area of expertise, and our consultants have been testing web applications professionally since 2013.

Our testing includes the common OWASP top 10 issue catagories from the past few decades, but also includes more esoteric issues identified during our extensive research, training and experience.

Mobile security assessment

Expert-level Android and iOS application testing, with full coverage of the application and related services and infrastructure. We perform manual-focused testing using the latest tools and techniques.

We have also tested Windows Phone, Windows Mobile, Windows CE, QNX and Blackberry applications in our past lives

Thick client assessment

Application, but not a web app? Our consultants have deep experience in testing client-side or thick-client applications on on Windows, Mac and Linux systems. Any built in services or databases can be assessed too.

Over our careers, we have conducted many assessments against Java, C#, C/C++, VB.NET, VB, ActiveX and Flash applications in the financial, logistics and education sectors. We would be happy to test your application too!

Cloud assessments

Test the cloud infrastructure that your application is built on. Using a cloud environment removes a lot of complexity, but the shared-responsibility model means that the client is responsible for secure configuration and use of cloud services. Our consultants have years of experience testing AWS, Azure, GCP, Huawei, IBM, Oracle and other cloud environments.

Secure code review

Line-by-line assessments of software written in common and uncommon languages.

Secure code review or code assisted assessments help find issues that a traditional closed source penetration test can easily miss, or can identify complex issues in a fraction of the time.

API Assessment

Behind many websites is a complex API. Quite often the API doesn't expect users to interact with it directly or lacks sufficient security controls. API assessments help identify many issues that surface-level application tests don't see.

External infrastructure

Ensure the internet-facing servers hosting your applications are secure, and assess any externally facing infrastructure for cybersecurity vulnerabilities that an attacker could use to cause damage or disruption.

Internal infrastructure

Complete assessment of internal corporate networks and related infrastructure, including client, server, functional, IoT and OT devices

Container and kubernetes review

In-depth security review of containers, including those built with Docker and containerd.

Kubernetes assessments of public cloud, private cloud and self hosted environments.

Social Engineering

Phishing and pretexting through email, phone, SMS, social media and other channels.

Our advanced account takeover techniques regularly allow us to defeat MFA protections from major providers. Our skilled operators are effective at compromising organizations using non-technical and blended techniques.

AI and LLM assessments

Test your automated customer service, virtual assistant, design assistant or image generation tools to ensure that they can't be used to compromise your systems or your reputation.

Hardware and embedded device testing

In-depth physical, firmware, software and internet connectivity assessments of embedded, OT and IoT devices.

Ensure that your devices are hardened against compromise, services are protected and data remains secure.

Get a high-quality report in your chosen format

Word? Markdown? LaTex? No report and entering the results into your management system?

Get exactly the report you want, and don't waste budget on busywork. We integrate with your existing systems or can deliver reports in our format. Whatever best meets your needs as a client.

Full aftercare

All engagements include a debrief meeting and followup email, video and phone call support to clients, staff, contractors and auditors.

We want out clients and partners to feel like the assessment was worthwhile, and never want to throw a report at someone and run. We are happy to adapt our deliverables and processes to ensure this.

Integrate seamlessly into your processes

Our focus is to deliver high quality work as an extension of your company, in our role as a trusted advisor.

We use your existing processes and our consultants are onboarded on to your systems in order to eliminate disruption.

Integrate seamlessly into your delivery team

Add our consultants to your teams for existing projects, or get our teams to take on new projects.

We are a virtual "bench" that you don't have to pay to maintain.

In your timezone

Any timezone can be accommodated with a few days notice.

We have consultants in multiple timezones. All have fast internet connections and are willing to get up early or stay up late when needed to ensure that your project is delivered.

Affordable rates

Our rates are affordable compared to the big players and many boutique consultancy firms.

Flexible billing

Standard invoice payment periods are 30 days after invoice issue. Invoices for jobs under 4 weeks are only issued after work is complete and you are happy with the services. Longer work is billed at pre-agreed milestones.

We are willing to accommodate longer payment periods to ensure that you are paid by your client first, before you pay us.