// methodology

How We Work. Six Phases. No Scanner-Only Audits.

A structured, intelligence-driven engagement from initial scoping through post-fix re-test. Every phase ends with a deliverable you can act on.

From Scoping to Sign-off

Aligned with OWASP Testing Guide, PTES, and ISO/IEC 27001 control families.

Scoping & Authorization

Define assets, rules of engagement, in-scope endpoints, testing windows, and obtain signed authorization before a single packet is sent.

Reconnaissance

Passive OSINT followed by active reconnaissance: subdomain enumeration, technology fingerprinting, and attack-surface mapping with Amass, Subfinder, and httpx, restricted to the assets agreed during scoping.

Vulnerability Discovery

Manual testing with Burp Suite Pro, supported by Nuclei templates and custom tooling. Every finding is verified by hand, so the report is not a flood of unconfirmed scanner output.

Exploitation & PoC

Confirmed exploitation within the agreed rules of engagement, evidenced by screenshots, request/response captures, and reproducible payloads. A CVSS v3.1 base score is assigned to each finding.

Reporting

Executive summary for leadership, plus a full technical report with reproducible PoC steps and prescriptive remediation guidance.

Remediation & Re-test

Once fixes are deployed, every confirmed issue is re-tested and each finding is recorded as closed or still open. Patch validation, a sign-off letter, and an optional letter of attestation complete the engagement.

Standards & Frameworks

Engagements are mapped to industry frameworks so the report is useful to your auditors and customers.

  • OWASP Testing Guide (WSTG) — primary checklist for web application VAPT.
  • OWASP API Security Top 10 — applied on every REST and GraphQL engagement.
  • OWASP Mobile Top 10 and MASVS/MASTG — Android and iOS testing baseline.
  • PTES (Penetration Testing Execution Standard) — engagement structure and reporting.
  • ISO/IEC 27001:2022 Annex A — findings mapped to relevant control families.
  • CVSS v3.1 — severity scoring on every finding.

Have a target in mind?

A free 30-minute scoping call. We'll outline timeline, deliverables, and pricing for your stack.