Pentest & Code Review
In God we trust; rest we test.
We find security vulnerabilities in web application, web services, frameworks, cloud native & serverless applications, mobile applications built for Android, iOS and software written for Internet of things (IoT). We do comprehensive security
assessments that include threat modelling, architectural reviews, pentesting and source code review. Services we offer:
- Web Application Pentest & Security Assessment
- Cloud, Compute and Serverless Security
- Server, Database and Application Security
- Wordpress/Drupal/Joomla Security and Hardening
- Mobile Application Pentest & Security Assessment
- Infrastructure and Application Stack Security Assessment
- Secure Code Review & Threat modelling
- Security Algorithm design and implementation
- Evaluation of custom Security implementations & protocols
- Application Security Automation, Scripting
- Security Engineering & Security Tool Development
Deep technical application security trainings.
We provide application security trainings and certification via self paced online courses as well as hands on live trainings at Security conferences. We deliver trainings on web application security, mobile application security, pentesting modern technology stack, and windows exploit development. For more information, visit our security education portal
We love security automation and develops security tools that work.
Latest advisories and research from OpenSecurity.
- Stealing card details from contactless cards in seconds
- Exploiting insecure file extraction in Python for code execution
- Exploiting deserialization bugs in Node.js modules for Remote Code Execution
- Server Side Template Injection in Tornado
- Instamojo Woocommerce Plugin XSS
- OS X Mavericks 10.9.5 – out of bound read/write in memmove()
- AppLock MITM Password Reset Vulnerability
- Reversing DexGuard’s String Encryption
- Bypassing Content Security Policy with a JS/GIF Polyglot
- Bypassing PIN in Whisper Android Application
- Tizen 2.2.1 WebKit Address Spoofing
- MTS MBlaze Ultra Wi-Fi / ZTE AC3633 Multiple Vulnerabilities