Security Testing That Makes Sense

We help you find and fix security issues before they become real problems

OWASP Top 10 · Mobile Security · Web Apps · API Testing

Is This For You?

✅ Perfect For

  • Startups on a budget
  • Developers who want security testing
  • Small businesses with web/mobile apps
  • Projects that can't afford $10k+ pentests
  • Teams that want practical security advice

❌ Probably Not For

  • Enterprise companies needing SOC2 compliance
  • Financial institutions requiring full audits
  • Projects with $50k+ security budgets
  • Teams that need 24/7 security monitoring
  • Companies wanting fancy compliance reports

🎁 Special Offer for First Clients

I'm building my security testing portfolio, so I'm offering 50% off for the first 3 projects. Plus, if I don't find any significant vulnerabilities, you get 50% of your money back.

What We Do

Vulnerability Assessment

We scan your systems to find all the weak spots and security holes

  • Automated scans + manual digging
  • Clear reports that actually make sense
  • We tell you what to fix first
  • Step-by-step fix instructions

Penetration Testing

We actually try to break into your systems (the friendly way)

  • Real attack simulations
  • We prove vulnerabilities can be exploited
  • Show exactly how attacks would happen
  • Executive summary for the bosses

How We Test

Greybox Testing

We know a bit about your system - faster but still thorough

Blackbox Testing

We know nothing - just like a real attacker would

Open Source

Delvelin: Code Vulnerability Analyzer

Free SAST tool for Java & Kotlin that catches security bugs during development

🚀 Quick Start

Add Delvelin to your project and start finding vulnerabilities in minutes.

Gradle:

repositories {
    maven { url 'https://repo.repsy.io/mvn/hangga/repo' }
}

dependencies {
    testImplementation('io.github.hangga:delvelin-plugin:0.2.1-beta')
}

Maven:

<repository>
    <id>hangga-repsy-repo</id>
    <url>https://repo.repsy.io/mvn/hangga/repo</url>
</repository>

<dependency>
    <groupId>io.github.hangga</groupId>
    <artifactId>delvelin-plugin</artifactId>
    <version>0.2.1-beta</version>
    <scope>test</scope>
</dependency>

💡 Basic Usage

Run Delvelin in your unit tests to keep production code clean:

@Test
fun `vulnerability test`() {
    Delvelin()
        .setOutputFormat(OutputFileFormat.HTML) // HTML, JSON, or LOG
        .setAutoLaunchBrowser(true) // Opens browser for HTML reports
        .setAllowedExtensions(".java", ".kt") // File types to scan
        .setShowSaveDialog(true) // Shows a save dialog for the report
        .setShowDate(true)
        .scan()
}

📱 Android Support

For Android projects, use a custom listener to send Delvelin's log output to Logcat:

@Test
fun `vulnerability test with custom listener for android`() {
    Delvelin().setLogListener(object : LogListener {
        override fun onGetLog(s: String) {
            Log.d("DelvelinLog", s)
        }

        override fun onGetLog(stringBuffer: StringBuffer) {
            Log.d("DelvelinLog", stringBuffer.toString())
        }
    }).scan()
}

🔧 Custom Detectors

Create your own detectors for specific security patterns:

class ExampleCustomDetector : BaseDetector() {

    init {
        this.vulnerabilities = Vulnerabilities.UNSAFE_REFLECTION
    }

    override fun detect(line: String, lineNumber: Int) {
        if (line.contains("examplePattern")) {
            val specificLocation = specificLocation(lineNumber)
            setValidVulnerability(
                specificLocation,
                "Example finding",
                "Detected example pattern in the code"
            )
        }
    }

    override fun detect(content: String) {
        if (content.contains("examplePattern")) {
            val specificLocation = specificLocation(-1)
            setValidVulnerability(
                specificLocation,
                "Example finding", 
                "Detected example pattern in the full content"
            )
        }
    }
}

// Usage in tests
@Test
fun `test using your own custom detector`() {
    Delvelin().setOutputFormat(OutputFileFormat.HTML)
        .addCustomDetector(ExampleCustomDetector())
        .scan()
}
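
A more realistic detector than the placeholder pattern above, as an added example that is not code from the Delvelin project: it reports reflective class loading whose class name is not a plain string literal, which is the case UNSAFE_REFLECTION is about. It assumes Delvelin calls detect(line, lineNumber) once per source line, as the example above implies; the class name DynamicClassLoadDetector and both regexes are hypothetical.

```kotlin
// Added example, not Delvelin project code. DynamicClassLoadDetector and its regexes are
// hypothetical; the Delvelin calls are the ones used by ExampleCustomDetector on this page.
class DynamicClassLoadDetector : BaseDetector() {

    // Class.forName(...) or loadClass(...), capturing the first argument
    private val reflectiveCall = Regex("""\b(?:Class\.forName|loadClass)\s*\(\s*([^,)]*)""")

    // One complete double-quoted literal with no Kotlin string template inside it
    private val stringLiteral = Regex("^\"[^\"\$]*\"\$")

    init {
        this.vulnerabilities = Vulnerabilities.UNSAFE_REFLECTION
    }

    override fun detect(line: String, lineNumber: Int) {
        // Ignore trailing line comments; block comments are not handled here
        val code = line.substringBefore("//")
        for (match in reflectiveCall.findAll(code)) {
            val argument = match.groupValues[1].trim()
            // A fixed class name such as "com.example.Foo" is not a finding
            if (argument.isEmpty() || stringLiteral.matches(argument)) continue
            setValidVulnerability(
                specificLocation(lineNumber),
                "Reflective class load with non-literal name",
                "Class name comes from '$argument'; check it against an allowlist before loading"
            )
        }
    }

    override fun detect(content: String) {
        // Line-level matching covers this pattern; nothing to check on the whole file
    }
}

@Test
fun `scan with dynamic class load detector`() {
    Delvelin().setOutputFormat(OutputFileFormat.HTML)
        .addCustomDetector(DynamicClassLoadDetector())
        .scan()
}
```

A line such as `Class.forName(request.getParameter("type"))` is reported, while `Class.forName("com.example.Foo")` is skipped.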

✨ What Delvelin Does

  • Static Analysis for Java & Kotlin
  • OWASP Security Standards
  • Risk-based Vulnerability Prioritization
  • HTML, JSON & Console Reports
  • Custom Detector Support
  • Android & Spring Boot Ready

⚙️ Configuration Options

  • setOutputFormat(): HTML, JSON, or LOG output
  • setAllowedExtensions(): File types to scan
  • setAutoLaunchBrowser(): Auto-open HTML reports
  • setShowSaveDialog(): Save dialog for reports
  • addCustomDetector(): Add your own detectors
  • setLogListener(): Custom logging (Android)

🎯 Best Practices

  • Run in unit tests, not production
  • Use HTML format for detailed reports
  • Add custom detectors for project-specific patterns
  • Integrate with CI/CD pipelines
  • Combine with manual security reviews

🚀 Ready to Secure Your Code?

Get started with Delvelin today - it's completely free and open source.

Perfect for Java/Kotlin teams wanting security checks without the enterprise price tag.

Security Stuff I Write About

Sharing what I learn from breaking into things (with permission, of course)

Recon

WhatWeb: Fingerprint Websites Like a Pro

Learn how to use WhatWeb to figure out what tech stack a website is running. Super useful for planning your security tests.

OSINT

theHarvester: Dig Up Info Like a Spy

Find emails, subdomains, and other juicy info using theHarvester. Perfect for gathering intel before a penetration test.

Web Security

XSS Hunting with Dalfox

Find Cross-Site Scripting vulnerabilities faster with Dalfox. Because manual XSS testing is so 2010.


What We Look For

We hunt for all the usual suspects (and some unusual ones too)

What We Check and What It Means (coverage columns: Web, Android, iOS)

  • A01 – Broken Access Control: Can users see stuff they shouldn't? We find out.
  • A02 – Cryptographic Failures: Is your data properly locked down or easy to steal?
  • A03 – Injection: Can hackers sneak malicious code into your system?
  • A04 – Insecure Design: Is your app fundamentally flawed from the start?
  • A05 – Security Misconfiguration: Did you leave the digital doors unlocked?
  • A06 – Vulnerable and Outdated Components: Are you using ancient, hackable libraries?
  • A07 – Identification & Authentication Failures: Can we bypass your login or steal sessions?
  • A08 – Software and Data Integrity Failures: Can updates be tampered with?
  • A09 – Security Logging & Monitoring Failures: Would you even know if you're being hacked?
  • A10 – Server-Side Request Forgery (SSRF): Can we trick your server into doing our bidding?
  • Mobile-Specific: Insecure Data Storage: Is sensitive data sitting unprotected on devices?
  • Mobile-Specific: Reverse Engineering & Code Integrity: Can hackers easily pick apart your app?

Coverage legend: We Got This, Partial Check, Doesn't Apply

Ready to Lock Things Down?

Let's chat about making your apps hacker-proof