Frequently Asked Questions.
Most of our audits take anywhere from 2 to 4 weeks; however, the length depends on how complex the software is and how many features have to be tested. The larger the software, the longer the audit.
When we perform an audit, there is a lengthy planning process that requires us to map out every single feature and determine what vulnerabilities will be tested against each. It's not uncommon for us to spend almost a week just planning the audit without any testing involved.
Quotes are based on the number of weeks required for us to plan for the audit, perform the actual audit and then write up our report.
We do offer monthly payment plans to established developers looking for an audit.
Unfortunately, we are not able to offer this option for new developers as there is too much risk of not being paid later on should the business go under, etc. Please contact us anyway, as we may still be able to work out a deal if a monthly payment plan is not available.
Access to the source code is highly recommended but not necessary. We have done many audits without access to the source code and were still able to find countless vulnerabilities. When we do have access to the source code, the chance of us missing an SQL Injection or Local File Inclusion is greatly lowered, which is why we prefer to have access.
Should you provide access to the source code, we can sign an NDA if you have one available. Everything we do is confidential and will never be shared with anyone else, regardless of an NDA being signed. Once we are done with the audit, any copies of the source code will be removed from our servers.
It's our opinion that no software will ever be 100% hacker-proof and, as such, we make no guarantees or promises of any kind.
When it comes to finding security vulnerabilities, we have a proven track record, but we also accept that we cannot find everything. We strive to find 99% of security vulnerabilities during every audit, but we will never claim to be able to find 100%, as that is just not realistic.
The frank reality is that no software will ever be 100% hacker-proof and no security company will ever be able to find 100% of the security vulnerabilities. Anyone who says otherwise is only interested in selling a myth.