∞ code analysis

A pentest that is tailor-made for you and gives you continuous confidence in your security.

Enhanced attacker simulation Thorough review Deep security audit


Enhanced attacker simulation

We aren't clairvoyant, but we expect the quote to be around €4,000 - €8,000.

We put ourselves in the role of an attacker and try to find holes and dangerous vulnerabilities in your application. By reviewing your code (white-box approach) we can quickly reach deeper, spending much less time than an attacker would.

Quick and efficient, but still human hackers.
Tailored for you, not a security scan.

Typical throughput 1 week

Thorough review

We aren't clairvoyant, but we expect the quote to be around €7,500 - €15,000.

We inventorize the most important assets and flows of your application. With these in mind, we perform a thorough security evaluation. Through manual source code review we make sure your application can withstand real-life attacks, even from dedicated attackers. We can also take into account a wider context around the application, e.g. infrastructure and cloud configurations.

catch even those sneaky vulnerabilities
an deeper and wider assessment

Typical throughput 1-3 weeks

Deep security audit

We aren't clairvoyant, but we expect the quote to be around €10,000 - €25,000.

On top of our regular thorough review of your application, we assess your software bill-of-materials (SBOM), checking your dependencies to make sure they don’t expose your assets inadvertently. We don’t just check for known vulnerabilities: we actively review dependency code for unknown vulnerabilities.

we make sure to cover all your flows, even through dependency code
when you’re dealing with especially sensitive assets

Typical throughput 3-4 weeks

◦ codeless analysis

Buy yourself time

Do you need a more traditional penetration test either on applications or infrastructure? Or a design review?


Request quotation


Fun and educational

A Capture The Flag (CTF) event with a source code twist, ready for a difficult and fun challenge?


Request quotation

What does the subscription cover?

With ∞ code analysis, our expert security analysts will fully review the current version of your code from a security perspective, after which they will follow along as you develop. This means that we review all new code that is committed (as long as it is within the limits defined by the subscription) on a monthly basis, typically before it hits production. Not literally as you type, but never later than a month from typing! Security issues will be shared as soon as found, and reports as often as you need them. Your software will receive attention for an amount of hours based on the development rate of your product.

How do I calculate the lines of code in my project?

To count the total amount of lines of code you developed up to today, you can use a tool like cloc . It also allows you to exclude specific non-code files that may be part of a Git repository.

To count the average amount of lines of code changed on a monthly basis, you can use git shortstat. This provides you insight on the changes between two commits, which you can choose to be a month apart.

We also provide a helper shell script that will automatically calculate estimates for both numbers for you.

Or reach out to us, we will gladly do this exercise for you.

What do you refer to by "changes"?

A sum of the lines changed (added, removed, or modified) in the codebase over a month. This is a rough metric of the development speed of your team and product. A bigger team of developers will produce more code per month, resulting in more changes.

What does "full code coverage" mean?

Once our ∞ code analysis service is integrated with your project, our primary goal is to "catch up" with your development and acquire a full overview and understanding of all the security-sensitive functionality in your existing codebase. You can decide to spread this initial phase (and associated cost) over multiple months if you wish; or set the slider to 1 month if your goal is to achieve coverage as fast as possible.

Typically, after this one-off investment, monthly reviews of your updates require a smaller effort. This is why we differentiate these two phases, so you always pay for what you get.

We are here for you