Penetration tests for startups

Satisfy SOC2 compliance requirements and vendor security assessments across web and mobile applications, APIs, and external network infrastructure.

Trusted by some of the world’s most innovative companies

Meet compliance goals, satisfy vendor requests

Our pentests satisfy compliance requirements for SOC2, ISO 27001 and HIPAA, and for vendor and partner requests from even the largest enterprises in the world.

Federacy has been a great security partner. Their team is incredibly thorough in their testing and their deep knowledge around all things security and engineering has been invaluable for our fast-moving team. We've really enjoyed the level of support they provide via Slack as well.

Sumukh Sridhara, General Manager, AngelList


Security Controls                        Tests
Architecture, Design, Threat Modeling       42
Authentication                              57
Session Management                          20
Access Control                              10
Validation, Sanitization and Encoding       30
Stored Cryptography                         16
Error Handling and Logging                  13
Data Protection                             17
Communications                               8
Malicious Code                              10
Business Logic                               8
File and Resources                          15
API and Web Service                         15
Configuration                               25

Dramatically reduce security risk

We perform manual penetration testing that simulates real-world attacks, using current research techniques to uncover vulnerabilities in your websites, applications, APIs, and infrastructure.

Our rigorous evaluation methodology includes over 100 hours of manual testing and over 200 individual tests and security checks. It incorporates industry-leading specifications including the OWASP Application Security Verification Standard (ASVS), the OWASP Testing Guide, NIST SP 800-53A, and the Open Source Security Testing Methodology Manual (OSSTMM) Web Application Methodology.

The best security researchers in the world

Federacy security researchers have studied or worked at institutions such as MIT, Carnegie Mellon, CERT, Google, Twitter, and PricewaterhouseCoopers. They hold OSCP, OSCE, CISSP, CREST, and CEH certifications. We work in teams and focus on vulnerability chaining, business logic, authentication, and authorization.

On-demand, CISO-like guidance included

While active testing runs for three weeks, we engage for the entire year, almost like a lightweight outsourced CISO, available via Slack to answer any and all security-related questions. We’re available to help with architectural and security tooling decisions, dependency risk assessment, vulnerability remediation, and many other areas.

Your pentest report, on-demand

Painlessly fulfill auditor, partner, or customer security requests. Your pentest report is always available, so you can send an up-to-date report to partners at any time.

Simple pricing

Modern Pentests

  • Flexible team sizes
  • Turnaround time as quick as 3 weeks
  • Remediation advice & retesting included
  • Issue tracking through the Federacy Inbox
  • On-demand reports and letters of attestation
  • Fulfill SOC2 and other compliance requirements


  • OWASP Application Security Verification Standard
  • OWASP Testing Guide v5
  • NIST SP 800-53A


Starting at $9,500 USD

Let’s work together

We’d love to learn more about your company. Send us a message using the form below and one of our founders will get back to you quickly.