threatover Patrik Grobshäuser

Services

Penetration testing

Manual testing of web applications, REST and GraphQL APIs, cloud configuration, and mobile applications, with source code review where access permits. Each finding is documented with reproduction steps, impact, and a recommended fix; a re-test after remediation is part of the engagement.

Security advisory

A retained number of hours per month for teams that need security judgment but not a full-time hire: code review, threat models, architecture decisions, vendor questions, and support during audits. Async by default, during EU business hours. Cancellable at the end of any month.

Bug bounty consulting

Planning and launch support for bug bounty and vulnerability disclosure programs: scope documents, rules of engagement, payout structures, internal handling processes, and platform selection. I accept no referral fees from platforms.

Triage as a service

Handling of incoming vulnerability reports inside your existing HackerOne, Bugcrowd, or Intigriti program: reproduction, severity assessment, deduplication, out-of-scope filtering, and researcher communication. Billed per validated report, or monthly once volume is predictable.

WordPress incident response

Cleanup of compromised WordPress sites at a flat rate of $279 per site: removal of malware, backdoors, and injected spam; identification and closure of the entry point; blocklist reconsideration requests; and a written report of what happened.

Email [email protected] or use the contact form.