I perform a manual security review of your public-facing website or web application. The assessment focuses on identifying common web vulnerabilities that could lead to unauthorized access, data exposure, account compromise, or abuse of application functionality.
The assessment is limited to publicly accessible functionality and does not include source code review, infrastructure testing, denial-of-service testing, or social engineering.
After you submit your website I will review the application and identify areas that are in scope for testing. This will be verified with you before I begin.
Estimated time to completion: 24hI will begin testing the application for common web vulnerabilities and security weaknesses. Automated tools may be used to assist with the process but all findings will be manually verified.
Estimated time to completion: depends entirely on the size of your application and scope. Anywhere from 1-2 weeks.At the end of the engagement you will receive a clear report summarizing the assesment and any identified vulnerabilites
Estimated time to completion: ~24-48h, depending on amount of vulnerabilities foundI will remain available to answer any questions about the findings and recommendations to fix the vulnerabilities.
To avoid misunderstandings, the following are not included in the engagement:
This is a pilot offering. The assessment is provided free of charge while I continue building experience and collecting feedback. In return, I may ask for a testimonial if you find the report valuable.
Like any security assessment, this review does not guarantee that all vulnerabilities will be identified. The goal is to identify security issues that can be reasonably discovered within the scope and time available.
I have 2 years of web development experience, and am a self-taught JWPT (junior web penetration tester). You can visit my blog where I go through existing vulnerabilities that I have found and written either a walk-through or report for.
You receive a clear security report with any findings, severity ratings, reproduction steps, potential impact, and suggested fixes.
No. This is a focused manual web security review. It is not a full enterprise penetration test, compliance audit, or source code review.
This is a limited pilot offer while I refine my process, build experience, and collect feedback. In return, I may ask for a testimonial if the report is useful to you.
No security assessment can guarantee that every issue will be discovered. The goal is to identify vulnerabilities that can reasonably be found within the agreed scope.
Not always. Depending on your application I will usually make a test account. However if you have functionality behind a paywall or different user role, and would like me to include it in the review, I will request you provide me with sufficient permissions.
The review focuses on finding and explaining issues. Fixes are not included by default, but I can usually give practical remediation guidance.
Enter your details in the form above and fill out the questions form. If you don't have a website or don't wish to submit it yet, enter "https://example.com" or the like. I will contact you via email.