Services

Test d'intrusion

Manual testing of web applications, REST and GraphQL APIs, cloud configuration, and mobile applications, with source code review where access permits. Each finding is documented with reproduction steps, impact, and a recommended fix; a re-test after remediation is part of the engagement.

Details and scope

Conseil en sécurité

A retained number of hours per month for teams that need security judgment but not a full-time hire: code review, threat models, architecture decisions, vendor questions, and support during audits. Async by default, during EU business hours. Cancellable at the end of any month.

How retainers are structured

Conseil bug bounty

Planning and launch support for bug bounty and vulnerability disclosure programs: scope documents, rules of engagement, payout structures, internal handling processes, and platform selection. I accept no referral fees from platforms.

Program consulting in detail

Triage en tant que service

Handling of incoming vulnerability reports inside your existing HackerOne, Bugcrowd, or Intigriti program: reproduction, severity assessment, deduplication, out-of-scope filtering, and researcher communication. Billed per validated report, or monthly once volume is predictable.

Comment ça marche

Réponse à incident WordPress

Cleanup of compromised WordPress sites at a flat rate of $279 per site: removal of malware, backdoors, and injected spam; identification and closure of the entry point; blocklist reconsideration requests; and a written report of what happened.

Cleanup process and scope