Free · 30 minutes · No obligation
The free audit runs the same probes an attacker would.
Thirty minutes on a live call to scope what to focus on. Read-only access to your repo so we can read the code and curl your endpoints ourselves. Within forty-eight hours, a one-page list of findings lands in your inbox. Severity-ranked. Recommended fixes per finding. No sales pitch.
Read-only access for the audit window only. Written findings within two business days. No follow-up unless you ask.
§ I. What we run during the audit
The checks, in order.
- 01 We probe your auth endpoints for missing checks
- 02 We curl your API routes from a logged-out session
- 03 We inspect the client bundle for leaked secrets
- 04 We test webhook handlers for missing signature verification
- 05 We check the database for missing row-level security
- 06 We read error responses for leaked stack traces
- 07 We probe input validation on user-controlled fields
A free audit won't surface every issue. That's what the Express audit covers. But the probes find enough to tell you whether your app has the patterns that cause breaches, and whether the deeper audit is worth your money.
§ II. What you get
What we promise.
- No pitch
- We tell you what we found. You decide what to do with it.
- 48-hour turnaround
- Written list of findings in your inbox within two business days of the call.
- Read-only access
- Read-only repo invite for the audit window. No commits, no deploys, no changes to your code.