Engagement Process
What does an engagement typically look like?
A scoping call to understand your application, threat model, and compliance needs. Then a proposal with timeline, cost, and methodology. Once approved, testing begins and is typically wrapped up within 1–3 weeks depending on scope. You receive a detailed report with findings, proofs of concept, and remediation guidance.
Do you sign NDAs before starting?
Yes. An NDA and confidentiality agreement are signed before any access is granted or testing begins.
How quickly can you deliver the project?
Delivery depends on the queue at the time of request. If you need an earlier slot, reach out before raising a payment request so it can be reserved.
Can you work with our development team directly?
Yes. A developer Q&A and remediation session is part of every engagement. I walk your engineers through the findings and answer questions on fixes.
Deliverables & Reporting
What do I receive at the end of an engagement?
A detailed report with CVSS-rated findings, line-by-line annotations, proof-of-concept demonstrations, and secure coding recommendations. An executive summary is included for stakeholders who need a high-level view.
Do you offer retesting after remediation?
Yes. A retest window is included with every engagement to verify that identified vulnerabilities have been properly fixed.
Services & Integration
What types of testing do you offer?
Web application penetration testing, API security testing, mobile app penetration testing, cloud security assessments, secure code reviews, and software composition analysis. Each can be scoped independently or combined.
Can you integrate security tools with our CI/CD pipeline?
Yes. With authorization, I integrate AppSec tools into your CI/CD pipeline. The gate is configured to fail builds only on High/Critical findings, so engineering velocity is maintained; lower-severity findings are still reported and tracked, they just do not block the build.
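As an illustration of such a severity gate, the Python script below is an added example and not part of the tooling described on this page. It assumes the scanner emits a SARIF 2.1.0 report in which each rule carries a `security-severity` property holding a CVSS score (the convention GitHub code scanning uses), maps that score to the CVSS v3 qualitative bands, and exits non-zero only when a High or Critical finding is present. Findings whose rule has no score fall back to the SARIF `level` field, a design choice of this example. The embedded sample report, its rule ids and file paths are constructed for the demonstration.

```python
"""Severity gate for an AppSec CI/CD step.

Reads a SARIF report, buckets each finding by severity, prints every finding,
and fails the build (exit 1) only when a High or Critical finding is present.
Run without arguments to gate the constructed sample report embedded below.
"""
import json
import sys
from typing import Dict, List, Tuple

BLOCKING = {"Critical", "High"}

# Fallback used when a rule publishes no CVSS score (assumption of this example).
LEVEL_FALLBACK = {"error": "High", "warning": "Medium", "note": "Low", "none": "None"}


def severity_from_score(score: float) -> str:
    """CVSS v3.x qualitative rating bands (None/Low/Medium/High/Critical)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def rule_scores(run: dict) -> Dict[str, float]:
    """Map rule id -> CVSS score from the tool driver's rule metadata."""
    scores: Dict[str, float] = {}
    for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
        raw = rule.get("properties", {}).get("security-severity")
        if raw is None:
            continue
        try:
            scores[rule["id"]] = float(raw)
        except (TypeError, ValueError):
            continue  # malformed score: treated as absent, falls back to level
    return scores


def classify(sarif: dict) -> List[dict]:
    """Return one record per SARIF result with its severity bucket and location."""
    findings = []
    for run in sarif.get("runs", []):
        scores = rule_scores(run)
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "<no-rule>")
            score = scores.get(rule_id)
            if score is not None:
                sev = severity_from_score(score)
            else:
                sev = LEVEL_FALLBACK.get(res.get("level", "warning"), "Medium")
            loc = "<no-location>"
            for entry in res.get("locations", []):
                phys = entry.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                line = phys.get("region", {}).get("startLine", "?")
                loc = f"{uri}:{line}"
                break  # first location is enough for the gate output
            findings.append({"rule": rule_id, "severity": sev, "location": loc,
                             "message": res.get("message", {}).get("text", "")})
    return findings


def gate(sarif: dict) -> Tuple[bool, List[dict]]:
    """(should_fail, all_findings): fail only on High/Critical, report everything."""
    findings = classify(sarif)
    should_fail = any(f["severity"] in BLOCKING for f in findings)
    return should_fail, findings


# Constructed sample report: one Critical, one Medium, one finding with no score.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "sqli", "properties": {"security-severity": "9.8"}},
            {"id": "verbose-error", "properties": {"security-severity": "5.3"}},
        ]}},
        "results": [
            {"ruleId": "sqli", "level": "error",
             "message": {"text": "User input concatenated into SQL query"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "verbose-error", "level": "warning",
             "message": {"text": "Stack trace returned to client"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/views.py"},
                                                 "region": {"startLine": 88}}}]},
            {"ruleId": "missing-csp-header", "level": "warning",
             "message": {"text": "Response lacks Content-Security-Policy"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/middleware.py"},
                                                 "region": {"startLine": 12}}}]},
        ],
    }],
}


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        with open(argv[1]) as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    should_fail, findings = gate(sarif)
    for f in findings:
        print(f"[{f['severity']:<8}] {f['rule']:<20} {f['location']}  {f['message']}")
    print("GATE:", "FAIL (High/Critical present)" if should_fail else "PASS")
    return 1 if should_fail else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Wired into a pipeline, the step runs the scanner with SARIF output, then `python gate.py report.sarif`; a non-zero exit stops the job only when the report contains a High or Critical finding, while Medium and Low findings still appear in the job log for triage.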
Which industries do you work with?
SaaS, FinTech, E-commerce, Healthcare, Travel, AI, and Education. Each engagement is tailored to the sector’s regulatory and threat landscape.