Security Research
Applied research - from business logic to payment flows
We perform targeted security research for organisations. Can someone order free products? Is your payment flow manipulable? We investigate how your systems can be abused and advise on concrete solutions. We also analyse cybercriminal methods and share this knowledge through publications and presentations.
What is security research?
Security research is targeted investigation into a specific security question. Where a pentest is a broad assessment against known categories, research is deeper and more specific. Can someone order for free from your webshop? Is your payment flow manipulable? How do criminals abuse your platform? We investigate it.
Our researchers combine deep technical expertise with creative attacker thinking. We find vulnerabilities that no scanner or standard pentest reveals - because they do not fit in a checklist. Race conditions in ordering processes, logic flaws in discount systems, privilege escalation via unintended feature interactions, fraud scenarios in payment processes. This is what we love.
When is security research relevant?
- Complex business logic: payment flows, ordering processes, loyalty programmes, pricing engines.
- Platform abuse: how can malicious actors abuse your platform? Fake accounts, fraud, scraping?
- Responsible disclosure: you received a report and want to understand the impact.
- Incident analysis: after an incident, understanding exactly how it happened.
- Publication: security research for thought leadership or responsible disclosure.
Why should you get security research?
The vulnerabilities that cause the most damage are rarely the obvious ones:
- Business impact: we focus on what actually affects your organisation. Not theoretical, but attack paths with direct financial or operational impact.
- Beyond the checklist: standard pentests follow frameworks. Research goes further - we investigate scenarios not in any framework.
- Knowledge sharing: we share findings not only with you, but - in consultation - also with the community via blog posts, conference presentations and responsible disclosure. We do this because we believe it matters, not because it sells well.
Our approach
Research is by definition custom work. The approach depends on the question:
- Formulate research question - what do we want to know? Which scenarios are most relevant? Direct conversation with the researcher who will do the work.
- In-depth investigation - source code analysis, reverse engineering, protocol analysis, traffic analysis and creative thinking. We take the time to truly understand how something works - and how to break it.
- Proof of concept - working proof that demonstrates impact. Not theoretical, but demonstrable.
- Responsible disclosure - if the research reveals vulnerabilities in third-party products, we follow responsible disclosure. That is a matter of ethics.
- Reporting & knowledge sharing - detailed report with PoC, impact analysis and recommendations. Publication via blog or conference in consultation.
What does security research cost?
Our hourly rate is €175. Indicative price ranges:
- Targeted research (single question): €5,000 - €15,000
- Extensive research (broad platform or publication-focused): €15,000 - €40,000
Frequently asked questions
What is the difference between security research and a pentest?
A pentest covers known categories (OWASP, PTES). Research is deeper and more specific: we investigate a concrete question, often outside frameworks, with more time for creative thinking and PoC development. The difference: a pentest finds what is in the checklist. Research finds what is not.
Do you publish research results?
Only in consultation with you and after responsible disclosure. Publication strengthens both your reputation and the security community. You always have veto rights. We regularly publish via our blog and at conferences.
Can you also perform reverse engineering?
Yes. Binaries, firmware, protocols, applications - with Ghidra, IDA Pro, x64dbg and Frida. Reverse engineering is often an integral part of our research work.