◦ codeless analysis

design reviews | greybox pentesting | blackbox pentesting

Design review or pentest without source code

Codeless analysis means security consultancy provided without access to the source code, working instead from the product itself (when your software product is ready) or from an early design (right at the birth of your software product). In all cases, we help you improve the security of your product, either by reviewing your design for blind spots or by performing a pentest from the position of an external attacker for a defined timeframe.

 


How it works

You share your product

You provide us with access to your product in the form in which it is available to an external attacker (for example, for a web application, this could be a URL and credentials).

We share our findings

We spend a mutually agreed amount of time pentesting it and provide you with all the insights we obtained.

Which software products Codean Labs can pentest

White-box cryptography (WBC) implementations

Cryptographic protocols and architectures

Web applications

Mobile applications

Cloud solutions

Infrastructure-as-Code

PCI DSS security testing

Full modern software solutions

Embedded and IoT devices, firmware and hardware

Desktop applications

Tailored to your needs

Whether you have not yet started implementing your product or are close to or beyond the production phase, codeless analysis can help you strengthen your security. We provide anything from early feedback on your design all the way to a pentest of your final product (and help you improve it). While we will guide you on what is best in your specific situation, you remain in control of the effort you would like us to invest and the level of assurance you would like to achieve.

What types of software do you pentest?

We have broad expertise in software security, so anything from embedded to cloud and everything in between is within our capabilities to pentest. In practice, what we see most are web and mobile applications and their associated backend(s) and cloud infrastructure.


Even in the design phase, we can help by reviewing your planned technical design or architecture. By giving you early feedback from a security perspective, we can help you build a strong core, making sure no time is wasted refactoring it later.

When can you start?

We try our best to meet your needs, aiming to start as soon as you are ready! Together with you, we will agree upon a specific start date.

Will I receive a shareable summary report?

Yes! You may need to give your client(s) or management insight into the security of your product. We have you covered with periodic summary reports showing the overall security of your software (without revealing critical details) as well as your developments over time.

What do white-, grey-, and black-box mean?

These are industry terms for approaches that can be taken when evaluating the security of software systems.


When using a whitebox approach, pentesters are given access to the source code of the software they are analyzing; this corresponds to our ∞ code analysis service. In contrast, a blackbox approach puts a pentester in the shoes of an external attacker having no confidential information like source code or documentation. A greybox approach is somewhat in between white- and black-box: typically the code is unavailable but some information is shared. Grey- and black-box approaches are followed in our ◦ codeless analysis service.


As a rule of thumb, request a whitebox approach for a more thorough analysis with clear coverage, and a grey- or black-box approach for a feel of what an external attacker could do in a defined timeframe.

I need to do a software pentest. Can you guide me through my options?

Of course! We are happy to assist you: chat with us, plan a meeting, or read on for a short summary!


If you would like a thorough pentest that enables you to rapidly find and resolve security issues in your code, opt for our ∞ code analysis service. If, instead, you would like to see what a real external hacker (without confidential knowledge of your solution) could do, go for our ◦ codeless analysis service. The latter can also be used for design review, if you are already thinking about security but do not have an implementation yet. If this FAQ did not capture your specific need, try contacting us: we strive to provide a personalized approach!
