Services

Manual, impact-first security testing

Every engagement is a hands-on hunt — not a scanner report with a logo on it. I test the full OWASP surface, chase the highest-impact outcome the target allows, and hand you reproducible, prioritized findings you can actually act on.

Core

Web Application Penetration Test

A complete WSTG-driven assessment of your web app — authenticated and unauthenticated, across every role.

  • Authentication, session, MFA & password-reset flows
  • Access control — IDOR, privilege escalation, multi-tenant isolation
  • Injection — SQLi, SSTI, command, XXE
  • Business logic, race conditions & payment flows
  • Client-side — XSS, DOM, postMessage, prototype pollution
Core

API Security Testing

REST and GraphQL, mapped from your spec or reverse-engineered from a mobile/SPA backend.

  • OWASP API Top 10 — full coverage
  • BOLA / BFLA object & function-level authorization
  • Mass assignment & excessive data exposure
  • GraphQL introspection, batching & depth abuse
  • JWT flaws & rate-limit bypass

Source-Code Audit

Static review that reads the actual code and traces tainted input to real sinks — then validates each lead against a live target.

  • Dangerous sinks — deserialization, eval, template, raw SQL
  • Missing / broken authorization checks
  • Hardcoded secrets & crypto misuse
  • Language-specific footguns (JS, Python, PHP, Java, Go, Ruby)

Cloud & SaaS Configuration Review

The perimeter beyond the app — where a single misconfig becomes full compromise.

  • Subdomain / service takeover
  • Open & writable buckets, exposed management endpoints
  • SSRF-to-metadata & credential theft chains
  • IAM over-permissioning & assume-role abuse
Specialist

LLM / AI Feature Security

A high-value, low-competition surface most testers skip entirely.

  • Direct & indirect prompt injection
  • System-prompt extraction & jailbreak chains
  • Insecure tool / function-call abuse
  • RAG poisoning & excessive agency
Ongoing

Continuous Attack-Surface Monitoring

Your surface changes weekly. This keeps watching after the test is over.

  • Recurring subdomain & asset discovery
  • Exposed-service & secret-leak alerting
  • Regression retesting of prior findings
  • Quarterly focused deep-dives
What you receive

Deliverables built to be acted on

A report is only useful if your engineers can fix from it. Every finding is self-contained, evidenced, and severity-honest.

  • Executive summary — risk posture in plain language for leadership.
  • Per-finding detail — description, CVSS, business impact, and step-by-step reproduction.
  • Real PoCs — captured live, with the exact request/response evidence.
  • Remediation guidance — specific, code-level fixes, not generic advice.
  • Coverage matrix — every test class marked tested / N-A, so you know what was actually looked at.
  • Free retest — I re-validate your fixes once, included.
Engagement packages

Scoped to your risk, not a fixed menu

Every quote is scoped to your actual surface. These are typical shapes — reach out and I'll tailor one.

Focused Assessment
Custom quote

A single app, API, or specific concern — fast, deep, and tightly scoped.

  • One target / surface
  • Full WSTG or API Top 10 pass
  • Prioritized report + PoCs
  • One free retest
Request a quote
Full Pentest
Custom quote · most popular

Your whole application estate — web, API, cloud, and auth — tested end to end.

  • Multi-surface: web + API + cloud
  • All roles & tenants
  • Executive + technical report
  • Remediation guidance + retest
  • Debrief call with your team
Book this
Continuous / Retainer
Custom quote

Ongoing testing and attack-surface monitoring as your product ships.

  • Recurring recon & monitoring
  • Quarterly deep-dives
  • Priority ad-hoc testing
  • hackz scanner deployment option
Let's talk

Not sure which fits?

Send me a couple of lines about what you're building. I'll tell you honestly where I'd start and what a right-sized engagement looks like.

Start the conversation →