Authentication code reviews, AI-driven security scans, and identity engineering for EU software teams. NIS2 and DORA evidence-ready.
Authentication Code Review
Fixed-fee · OAuth2 · OIDC · WebAuthn · Passkeys · Report in 10 days, from €1,500
Example findings from past reviews:
algorithms: ['HS256', 'none']
Algorithm confusion: the verifier accepts unsigned tokens.
state = Math.random().toString()
PKCE state is weak and skippable.
session.maxAge = 86400 * 30
Session lifetime exceeds the 24 h recommendation.
Industries & teams we have worked with
A fixed-fee, fixed-scope security review of your OAuth2, OIDC, WebAuthn, or passkeys implementation — delivered in ten business days with an auditor-ready encrypted PDF. Built for engineering teams that want expert eyes on their authentication layer before an auditor, a breach, or a compliance questionnaire forces the issue.
Findings report
PDF, typically 15–25 pages. Every finding includes location in code, severity, attack path, and remediation guidance, mapped to OWASP ASVS and relevant RFCs.
Threat model
A diagram and written analysis of your authentication surface, trust boundaries, and identity-specific risks.
Prioritized remediation roadmap
Table of findings with effort estimates and recommended timelines.
60-minute review call
Walk-through with your engineering team.
30-day follow-up window
Ask questions by email after delivery.
Positive observations section
Auditor-friendly attestation of controls that are correctly implemented.
A complete review package within 10 business days. Every deliverable is structured to be immediately usable — by your engineering team and by your auditors.
Fixed-fee, visible upfront. Prices exclude VAT (21% BTW/TVA, where applicable).
Single flow: one authentication flow (e.g., OAuth2 login, WebAuthn registration, or SSO integration). One repository.
Multi-flow: up to three flows, one repository. Includes federation and multi-tenant analysis if applicable.
Beyond authentication security, we build, advise, and deploy across the full software lifecycle.
Security scan against your staging or production environment, repos or binaries.
Zero-to-One engineering, mentorship and architecture design to start growing your business.
Beautiful, modern websites that look great on every device. Perfect for businesses ready to make their mark online.
Platforms, products, and prototypes delivered for clients and partners.

Lightweight game engine with physics simulation, asset management, and multi-platform deployment capabilities.

Comprehensive fleet management platform with real-time tracking, automated scheduling, and maintenance planning.

Secure RAG assistant engineered for GDPR/EU AI Act with plug-in model choices, on-prem/cloud deployment, and full auditability.

A browser workspace for sketching, arranging, and sharing musical ideas with node-based flows and premium tiers.

Full-featured e-commerce solution with inventory management, payment processing, and analytics dashboard.

Advanced booking platform for yacht charters and vessel reservations with availability calendar and secure payments.
No payment required. We confirm scope, answer questions, and send a quote within 24 hours.