How to pass Series A security due diligence (before it catches you off guard)

Faultline Security offers manual penetration testing for startups and SaaS companies, priced from €3,000, to help them pass Series A security due diligence. The service provides clear scope, fixed pricing, and auditor-acceptable reports, addressing gaps left by enterprise firms, automated scanners, bug bounties, and AI tools.

We find what scanners miss

Penetration testing for startups and SaaS companies. Thorough, actionable, and priced for teams that ship fast.

Security testing shouldn’t be this broken.

- Enterprise firms charge €15,000+: You get a junior tester following a checklist, an account manager who can’t answer technical questions, and a 200-page PDF six weeks later. Half the findings are informational padding.
- Automated scans miss what matters: Nessus and Qualys find missing headers and outdated libraries. They don’t find broken authorization, business logic flaws, or the config file that leaks your database password.
- Bug bounties are unpredictable: No guaranteed coverage, no compliance-ready report, no timeline. You might get a critical finding in a week or hear nothing for six months. And you still need a pentest report for SOC 2.
- AI tools miss your business logic: An LLM can spot a textbook XSS. It can’t chain a broken access control with your multi-tenant data model to prove a customer-data leak, and no auditor will accept "we asked an AI" as a SOC 2 or ISO 27001 pentest report.

There’s a better way. Faultline Security gives you manual, expert-level testing with a clear scope, fixed price, and a report your auditors will accept.

Clear scope. Fixed price. No surprises.

Methodology: PTES + OWASP WSTG · CVSS 3.1 scoring · CWE references

Essentials: Single application or API. From €3,000

- 1 web application or API, up to 50 endpoints
- Gray-box testing: We test with valid user credentials, simulating a real insider or a compromised account.
- Follows OWASP WSTG: a 90+ test-case methodology and the industry standard for thorough web security testing.
- OWASP Top 10 & API Top 10 coverage: The most critical web and API security risks as defined by the Open Web Application Security Project, the global authority on application security.
- Subdomain & virtual host enumeration: We discover all publicly reachable entry points to your infrastructure: subdomains, hidden portals, and services you may not know are exposed.
- Authentication & session management testing
- Security header & configuration review: We check HTTP security headers (CSP, HSTS, CORS, X-Frame-Options) and server configuration to prevent clickjacking, data leaks, and protocol downgrade attacks.
- Business logic testing: We test your application’s workflows for flaws such as skipping payment steps or accessing other users’ data. The Growth tier adds a full deep-dive into complex business rules.
- CVSS-scored findings with proof-of-concept: Every finding is rated on the industry-standard 0–10 severity scale and includes a working proof-of-concept: the exact steps to reproduce the issue.
- Attack narrative with exploitation chains: A step-by-step story showing how individual vulnerabilities can be chained together for real-world impact. This is what separates our reports from scanner output.
- Remediation guidance per finding
- PDF report with executive summary
- Letter of attestation: A one-page document confirming a pentest was performed. Shareable with auditors, customers, and partners without an NDA. Commonly needed for SOC 2, ISO 27001, and enterprise sales.
- Findings walkthrough & Q&A

Timeline: 3–5 business days. Get started (/scope)

Growth: Multi-surface web + API. From €5,000

- Everything in Essentials, plus:
- Up to 3 applications or API surfaces
- Cross-application trust boundary testing: We test how your applications trust each other. Can a user from App A escalate access via App B? Are shared tokens, SSO, or APIs exploitable across surfaces?
- Business logic deep-dive: Goes beyond standard checks. We model your entire user journey and business rules to find flaws like payment bypasses, reward abuse, and multi-tenancy leaks.
- Inter-service API & authorization testing: We test the APIs your services use to talk to each other. Are internal endpoints authenticated? Can a compromised service access data it shouldn’t?

Timeline: 5–8 business days. Get started (/scope)

Comprehensive: Full external infrastructure. From €7,000

- Everything in Growth, plus:
- External perimeter up to 20 IPs/hosts
- Service-level assessment (SSH, SMB, …): We test every network service running on your servers (remote access, file shares, name resolution, and more) for misconfigurations and known vulnerabilities.
- Cloud config review (AWS, GCP, Azure)
- Internal service exposure analysis: We identify services meant to be internal-only that are actually reachable from the outside: databases, admin panels, debug endpoints, and monitoring dashboards.
- Full retest after remediation included

Timeline: 7–10 business days. Get started (/scope)

Add-ons available for both service lines.

From scoping form to actionable report in under two weeks.

- Scoping form (free · 2 min): Fill out a short form with your application details, tech stack, and what you need the test for. You get a fixed-price proposal within 24 hours. No call required.
- Kickoff & credential handoff (same day as signed SOW): You provide test credentials and access. We confirm scope, set up our testing environment, and define the rules of engagement.
- Testing (3–10 business days): We test manually, following the PTES framework and OWASP WSTG methodology. Every finding gets a real proof-of-concept. Critical findings are reported immediately.
- Report delivery (within 2 days of testing): Executive summary, technical findings with severity ratings and remediation guidance per finding, and a full attack narrative.
- Report walkthrough & Q&A (async): We send a detailed walkthrough of every finding with remediation guidance. Your team asks questions on their schedule. We respond within one business day. Live call available on request.
- Retest (optional · 1–2 days): After remediation, we verify that the fixes work. You get an updated report confirming closure, ready for your auditor.

What makes us different.

- We talk during the test, not just after: Critical findings are reported the moment we confirm them, not buried in a PDF you receive two weeks later. You can start fixing while we’re still testing.
- Every finding has a proof-of-concept: We don’t report theoretical vulnerabilities. Every finding includes the exact request, the exact response, and step-by-step reproduction instructions.
- Built for modern stacks: APIs, containers, serverless, multi-tenant SaaS: we understand the architecture your team actually builds on. We speak developer, not just compliance.
- Fixed price, fast turnaround: You know the cost before we start: no hourly billing, no scope-creep charges, and a binding proposal from a 2-minute scoping form. Most engagements complete within one to two weeks.
- Reports your auditors will accept: PTES framework, CVSS 3.1 scoring, CWE references, remediation guidance. Satisfies SOC 2 Type II, ISO 27001, and GDPR requirements out of the box.
- AI-augmented, human-verified: We use AI for recon, payload generation, and report drafting. That’s how we deliver senior-quality testing at startup-friendly prices. But every finding is validated and signed by a human tester who stands behind the report.

See what you get.

Below is a redacted excerpt from a real engagement report. Every finding follows this structure: severity rating, technical evidence, business impact, and specific remediation steps.

Finding: Broken Object-Level Authorization on Store Resources

| Severity | Medium |
| CVSS 3.1 | 5.3 |
| CWE | CWE-639: Authorization Bypass Through User-Controlled Key |
| Asset | https://api.██████.██/stores/:id |

Description

Any authenticated user can read store metadata for arbitrary stores by substituting numeric IDs in the URL path. The API does not verify that the requesting user owns the target store.

Evidence

GET /stores/36480
Authorization: Bearer
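The finding above describes the classic shape of a broken object-level authorization bug: the handler authenticates the caller but looks the object up by the client-supplied ID alone. The example below is an added illustration, not code from Faultline's report or from the assessed application: it pairs a vulnerable `GET /stores/:id` handler with a hardened one that binds the lookup to the authenticated owner, and adds a small regression check that reproduces the tester's move (read your own store, then the same ID as a different authenticated user) so the fix can be kept under test. The store IDs, user IDs, and metadata are constructed; `user_id` stands for the identity already established from the bearer token.

```python
"""Broken Object-Level Authorization (CWE-639) on a `GET /stores/:id` style
endpoint, shown as vulnerable and hardened handlers plus a regression check.

Constructed example with an in-memory table; not Faultline's code. IDs,
names, and IBANs are made up.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Store:
    store_id: int
    owner_id: int
    name: str
    payout_iban: str  # sensitive metadata a foreign tenant must never see


# Constructed sample data: two tenants (users 101 and 202), one store each.
STORES = {
    36480: Store(36480, owner_id=101, name="Alice's Shop",
                 payout_iban="DE89 3704 0044 0532 0130 00"),
    36481: Store(36481, owner_id=202, name="Bob's Bikes",
                 payout_iban="FR76 3000 6000 0112 3456 7890 189"),
}


@dataclass(frozen=True)
class Response:
    status: int
    body: Optional[dict] = None


# A handler receives the authenticated user's ID (from the session/token,
# never from the request body or path) and the path parameter `:id`.
Handler = Callable[[int, int], Response]


def get_store_vulnerable(user_id: int, store_id: int) -> Response:
    """Authenticates the caller but never checks ownership: any valid
    account can read any store just by changing the numeric ID."""
    store = STORES.get(store_id)
    if store is None:
        return Response(404)
    return Response(200, {"id": store.store_id, "name": store.name,
                          "payout_iban": store.payout_iban})


def get_store_fixed(user_id: int, store_id: int) -> Response:
    """Ownership is checked server-side against the session identity.
    Unknown and foreign stores get the same 404, so the endpoint does not
    confirm which IDs exist (a 403 would leak that the store is real)."""
    store = STORES.get(store_id)
    if store is None or store.owner_id != user_id:
        return Response(404)
    return Response(200, {"id": store.store_id, "name": store.name,
                          "payout_iban": store.payout_iban})


def bola_regression_check(handler: Handler,
                          owner_id: int = 101, other_id: int = 202,
                          store_id: int = 36480) -> dict:
    """Reproduce the report's test: read a store as its owner, then the same
    ID as a different authenticated user. Returns both outcomes so a test
    can assert that the foreign read is denied while the owner's succeeds."""
    owner = handler(owner_id, store_id)
    other = handler(other_id, store_id)
    return {
        "owner_status": owner.status,
        "other_status": other.status,
        "leaks": other.status == 200 and other.body is not None,
    }


if __name__ == "__main__":
    for h in (get_store_vulnerable, get_store_fixed):
        print(h.__name__, bola_regression_check(h))
```

The regression check is the part worth keeping after remediation: run it in CI for every object-returning endpoint with at least two tenant identities, and the retest described above becomes a test suite rather than a one-off.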