Technical Audit.
1–2 week review of a Java/Spring or Angular application: security, performance, technical debt.
What it includes
- Code and architecture review
- Security: OWASP Top 10, dependency scan
- Performance: profiling, query analysis
- CI/CD and test coverage
- Report with priorities and estimates
Who it's for
For CTOs and product owners who have inherited code and need to decide "rewrite vs refactor".
This is NOT for you if
- You need a pentest - that is a narrow specialty; I will refer you to someone.
- You want a certifying audit (ISO/SOC2) - my report does not replace a formal compliance audit.
What you get
Written report (15–30 pages) with a prioritised fix list, estimates and a roadmap.
Frequently asked questions
How long is the audit and what is the deliverable?
1–2 weeks depending on codebase size. Deliverable: PDF report (15–30 pages) with executive summary, technical findings prioritised P0/P1/P2, fix estimates, and a 1h Q&A session with your team.
Do you sign an NDA before code access?
Yes. NDA before repo access by default. I can use your template or mine (mutual NDA).
Do you implement fixes after the audit?
Yes, if scope/timeline fits. Some clients take fixes to their own team, others ask me to handle the most urgent P0/P1. Hourly rate applies in that case.
What is the scope of "security" in the audit?
OWASP Top 10 review (auth, injection, deserialization, secrets, CORS, headers), dependency scan (Snyk / OWASP DC), manual review of critical paths (login, payments, file upload). This is NOT a pentest - black-box testing is out of scope.
What if you find a critical security bug?
I escalate immediately (email / call) before the audit ends. I do not sit on a P0 until report time. If it is a public-facing CVE-level issue, we agree on a disclosure path before I write it down.
Rate and timeline
Have a "Technical Audit" project?
Write a few lines about what you need. I respond within 24h with a proposal for the next step.
Let's talk