Yes, we require access to the source code as our audits are not black box based. Having access to the source code allows us to find deeper and more complex vulnerabilities. The source code can be provided to us through email, through an invitation to your repository, a secure transfer link or your own preferred method of transferring files.
It is possible that we are not able to find any vulnerabilities if the source code follows all the code conventions and standards. Keep in mind that the audit is manual labor and is based on a certain amount of hours spent, not based on the number of vulnerabilities we may or may not find.
Although we do not fix vulnerabilities for you, we do provide information on how to patch the vulnerabilities that we have identified and will also assist with the patching process if needed.
As each software is vastly different when it comes to the structure, code complexity, lines of code and number of files, each audit will have a different cost attached to it. Reach out to us for an estimate for an audit of your software.
“Their [Patchstack’s] knowledge and expertise is unbelievable. They have helped us make our products secure on top of that given lots of tips to make WordPress sites secure.”
“Very happy with the service. These guys clearly know what they are doing.”
“We test our plugins after every major version release and have stayed with Patchstack ever since they were recommended to us by a trusted security professional. Best value/price.”
“This service should have been available since WordPress became a thing. Very professional.”
“The speed was really good and the issues found were submitted in a clear manner. We recommend your service to other developers.”
