We do code audits, pentests, mobile application analysis, and reverse engineering — with over a decade of experience across systems, languages, and architectures.
Our goal is to make vulnerability discovery scriptable, repeatable, and integrated into engineering workflows. We build on tools like Joern, an open-source code analysis platform we actively contribute to, combining static analysis with targeted dynamic testing.
That said, not every engagement needs automation. Much of our work is hands-on review — reading code, testing applications, and validating findings manually. The tooling sharpens what we do; it doesn’t replace judgement.
For an example of how we combine both approaches, see our blog post: Combining Static and Dynamic Tools to Analyse PHP Code.
