
Audit Process

Confidential, for internal use only — do not share outside of your organisation

Manual review by an elite team — usually 4 senior security contest champions. We find a ton of vulnerabilities — be prepared. More details below.

Simple Overview

1. We create a group chat with your devs and our auditors so that questions can be asked in both directions.

2. We start the audit when the code is feature-frozen and ready. We start hunting for vulnerabilities.

3. We fully focus on finding as many and as deep vulnerabilities as possible — we share findings after the first week at the earliest to keep this full focus (this serves you).

4. When we share all vulnerability findings with you, you can apply fixes.

5. We review all fixes for you (extra work, included in the price!) and we compile a PDF report.

6. Done!

Sharing Findings

For multi-week audits (>14 days), we usually share current findings every week.

Weekly findings:

  • haven’t been reviewed and verified
  • can be invalid
  • are not deduplicated
  • are not polished
  • have severities that are likely to be wrong

They are just to show our current progress. You can start fixing the issues, but when fixing, reference the actual vulnerability name rather than the GitHub issue number or title (as those will change). This will help us track fixes later.

At the end of the audit timeline, we will share a GitHub repository with all vulnerabilities found.

If you prefer to receive findings earlier or more frequently — please let us know. This will require us to adjust our audit workflow and shift from a fully focused review to a more iterative process, but it is possible. We will adapt the process specifically for your audit to make it work.

We log everything we find (apart from Informational issues, which we share directly in this group). Sometimes this results in a higher number of findings than expected, so you’d spend just a bit more effort reviewing, but it’s intentional: we prefer to slightly over-report than risk missing something important. Trust us — this approach benefits your security in the long run.

Reviewing Fixes

We start reviewing fixes only when all fixes are applied.

We take 1–5 days to review fixes and confirm internally. We discuss findings in the comments of the related GitHub issues; please join us there.

If findings are fixed incorrectly, or we find other issues, we will write about it in the issue comments. Please post the commit with the new fix in the issue comments as soon as possible.

PDF Report

After the fix review, we usually take 3–5 days to render the PDF report.

If you need it sooner, we will do it for you, of course; just let us know.