Modern penetration tests for startups
Satisfy SOC2 compliance requirements and vendor security assessments across web and mobile applications, APIs, and external network infrastructure.
Trusted by some of the world’s most innovative companies
Meet compliance goals, satisfy vendor requests
Our pentests satisfy compliance requirements for SOC2, ISO 27001, HIPAA and for vendor and partner requests from even the largest enterprises in the world.
Federacy has been a great security partner. Their team is incredibly thorough in their testing and their deep knowledge around all things security and engineering has been invaluable for our fast-moving team. We've really enjoyed the level of support they provide via Slack as well.
Sumukh Sridhara, General Manager, AngelList
OWASP ASVS Standard

| Security Controls | Tests |
|---|---|
| Architecture, Design, Threat Modeling | 42 |
| Authentication | 57 |
| Session Management | 20 |
| Access Control | 10 |
| Validation, Sanitization and Encoding | 30 |
| Stored Cryptography | 16 |
| Error Handling and Logging | 13 |
| Data Protection | 17 |
| Communications | 8 |
| Malicious Code | 10 |
| Business Logic | 8 |
| File and Resources | 15 |
| API and Web Service | 15 |
| Configuration | 25 |
Dramatically reduce security risk
We perform manual penetration testing that simulates real-life attacks and use cutting-edge research techniques to uncover vulnerabilities in your websites, applications, and more.

Our rigorous evaluation methodology includes over 100 hours of manual testing and over 200 individual tests and security checks. It incorporates industry-leading specifications including the OWASP Application Security Verification Standard (ASVS), the OWASP Testing Guide, NIST SP 800-53A and the Open Source Security Testing Methodology Manual (OSSTMM) Web Application Methodology.
The best security researchers in the world
Federacy security researchers have studied or worked at such institutions as MIT, Carnegie Mellon, CERT, Google, Twitter, and PricewaterhouseCoopers. They are OSCP, OSCE, CISSP, CREST, and CEH certified. We work in teams and focus on vulnerability chaining, business logic, authentication and authorization.
On-demand, CISO-like guidance included
While we actively test for three weeks, we engage for the entire year, almost like a lightweight outsourced CISO, available via Slack to answer any and all security-related questions. We're available to help with architectural and security tooling decisions, dependency risk assessment, vulnerability remediation, and many other areas.
Your pentest report, on-demand
Painlessly fulfill your auditor, partner or customer security requests. Your pentest report is always available, so you can send an up-to-date report to partners anytime.
Simple pricing
Modern Pentests
- Flexible team sizes
- Turnaround time as quick as 3 weeks
- Remediation advice & retesting included
- Issue tracking through the Federacy Inbox
- On-demand reports and letters of attestation
- Fulfill SOC2 and other compliance requirements
Methodologies
- OWASP Application Security Verification Standard
- OWASP Testing Guide v5
- NIST SP 800-53A
- OSSTMM
Let’s work together
We’d love to learn more about your company. Send us a message using the form below and one of our founders will get back to you quickly.