Independent Assessment • Procurement-Ready Evidence

Security attestations your buyers can file with confidence.

Harbinger delivers OWASP-aligned web application and API vulnerability assessments with board-ready reporting, a forwardable executive summary, and a formal security attestation letter.

Point-in-time • Evidence-backed • Reviewer-friendly
  • Manual-first: Exploitability-focused validation beyond scanner output.
  • OWASP mapped: Clear taxonomy for reviewers and remediation owners.
  • Diligence-ready: Artifacts designed to pass procurement scrutiny.

Vulnerability Assessment

Fixed Fee
  • Executive Summary (forwardable PDF)
  • Findings with reproducible evidence & remediation guidance
  • Security Attestation Letter (signed, point-in-time)
  • Optional remediation validation (re-test)
$7,000 — $23,000

Typical project range • scope drives fee

Typical timeline
10–15 business days
Fast scoping → focused testing → clean artifacts. Expedited options available for diligence deadlines.

Firm Capabilities

Built for B2B SaaS teams preparing for enterprise deals, audits, and security questionnaires.

Web App Assessment

Manual testing across authentication, authorization, session management, and business logic abuse.

SaaS • Portals • Dashboards

API Security Audit

Object-level authorization (IDOR), rate limiting, GraphQL abuse patterns, and data exposure risk.

REST • GraphQL • Partner APIs

Remediation Validation

Re-test after fixes to confirm closure, update evidence, and support reviewer sign-off.

Audit Evidence • Assurance

Deliverables that close deals.

Clean artifacts stakeholders can forward — and reviewers can trust.

Executive Summary PDF

One-page, stakeholder-ready overview: scope, methodology alignment, risk posture, and reviewer-friendly language.

Technical Findings Report

Structured findings (Impact → Evidence → Fix), OWASP mapping, severity rationale, and redacted PoCs.

Security Attestation Letter

A formal, forwardable point-in-time posture statement with assessor signature and scope summary.

Remediation Validation (Optional)

Post-fix verification with updated evidence and an addendum suitable for procurement follow-ups.

Engagement Flow

A scoped, defensible assessment — delivered as buyer-facing evidence.

The goal is not volume. The goal is clarity: validated issues, reproducible proof, and artifacts that survive diligence.

01 • Scope: Targets & assumptions
Define apps/APIs, roles, environments, and test boundaries.

02 • Test: Manual-first validation
Confirm exploitability and business impact; avoid scan noise.

03 • Report: Evidence & fixes
Write findings the way reviewers read: concise, specific, reproducible.

04 • Attest: Signed artifacts
Deliver executive summary + security attestation aligned to scope.

Secure Inquiry Protocol

Start with a minimal-scope email. For sensitive scoping details, we can transition to an end-to-end encrypted channel after verification.

// Lead: Anthony D’Onofrio, PhD
// Ver: 2026.1-STABLE
Email [email protected]

Encrypted-channel instructions provided after verification

Executive Attestation Preview

Security Attestation Letter

A formal point-in-time statement summarizing scope, methodology alignment, and resulting posture, designed to be forwarded to buyers and reviewers.

Harbinger Score v1.0: 86 (Diligence-Ready)
A summary indicator derived from validated findings severity, exploitability, and coverage.
Not a compliance claim • Point-in-time
Excerpt

This letter attests that Harbinger Security performed an independent vulnerability assessment of the in-scope web application and associated APIs. Testing was conducted using an OWASP-aligned methodology and focused on validating exploitability and business impact. Findings and remediation guidance are documented in the accompanying report.

Signed: Anthony D’Onofrio, PhD, Principal Assessor • Harbinger Security
Date: 2026-01-21
The attestation and score are always tied to scope, assumptions, and date.