Startup-Friendly Security Reviews — London, UK

Security reviews for startups that need to move fast.

Manual, expert-led security reviews for SaaS founders and early-stage tech teams. Find the vulnerabilities before your customers — or attackers — do. Fixed-scope packages, clear pricing, and remediation guidance you can act on immediately. Built for teams shipping an MVP, preparing for launch, or earning customer trust.

No commitment required · Response within 24 hours · Fixed-scope quote before any work
From £300
Fixed-scope startup packages
3–5 days
Typical turnaround on reviews
100% manual
Expert-led, not scanner output
24h
Reply to every enquiry
Fixed-Scope Packages
Clear pricing · no hourly surprises
Clear, Actionable Reports
Written so your devs can fix, not decode
Fast Turnaround
Most startup reviews in 3–5 days
Free Retest Included
Verify your fixes at no extra cost
About

Expert security, without the enterprise overhead.

Ian Brighouse Quintana — Founder & Principal

I am an offensive security practitioner and published researcher based in London. Brighouse Security Labs is built for startups: small teams that need real security expertise but can't afford — and don't need — a six-figure enterprise consulting engagement.

I run every review personally. That means the person testing your product is also the person scoping it, writing the report, and answering your engineering team's questions. No account managers, no handoffs, no junior analysts doing the work under a senior's name.

My background covers web application security, API testing, authentication and authorisation flaws, and cloud exposure — the areas that actually matter for early-stage SaaS. I also publish peer-reviewed research through the University of East London, so the methodology behind the work is documented and defensible, not just claimed.

Built For
SaaS startups · MVP teams · indie founders
Location
London, United Kingdom
Methodology
OWASP WSTG · PTES · Manual testing
Research
Published via University of East London
Startup Services

Fixed-scope packages. Built for founders.

Four focused offers designed around what early-stage teams actually need: manual expert-led reviews, fast turnaround, clear pricing, and remediation you can act on before your next release. No sprawling enterprise engagements. No inflated issue counts. Just the work that moves your product forward safely — with a free verification retest included on every engagement.

01 — From £300
Startup Security Quick Audit
The fastest way to identify critical security issues before launch. A focused review of your SaaS product covering authentication flaws, common OWASP issues, exposed endpoints, and basic misconfigurations. Short, clear report with prioritised fixes. Turnaround in 3–5 days.
Auth Review · OWASP Checks · Exposed Endpoints · Misconfigurations · 3–5 Day Turnaround
02 — Fixed-scope
External Attack Surface Review
Understand what attackers can see from the outside. Maps your exposed ports, DNS and subdomains, public services, cloud exposure, SSL configuration, and perimeter headers. Perfect for startups who want to know what's reachable before a bad actor finds it first.
Subdomains & DNS · Exposed Ports · Cloud Exposure · SSL & Headers · Perimeter Check
03 — Pre-launch
Pre-Launch Pentest
Launch with confidence before onboarding users or customers. A focused manual pentest of the things that break real SaaS products: login flows, role and permission boundaries, API endpoints, and business logic. Written report with reproduction steps your engineers can follow.
Login & Auth Flows · Roles & Permissions · API Testing · Business Logic · Ship-Ready Report
04 — Monthly
Security Retainer for Startups
Affordable ongoing security support without hiring in-house. Monthly recurring reviews, advisory time when you need a second opinion, quick validation after each release, and remediation guidance when your team ships something sensitive. Cancel any time.
Recurring Reviews · Advisory Support · Release Validation · Remediation Help · Flexible Monthly
Fixed-scope pricing · No commitment required · Response within 24 hours
Who I Work With

Built for startups. Not enterprises.

I work with small tech teams that need real security expertise — but don't have the budget, the time, or the need for a massive enterprise engagement. If you're shipping something early-stage and want to do it safely, this is for you.

Not the right fit

If you're a Fortune 500 with a 500-person AD environment and a 12-month compliance programme, I'm probably not the right partner for you. My focus is on startups and small SaaS teams that want fast, expert-led reviews without enterprise consulting fees.

SaaS
Early-stage SaaS founders
Pre-seed, seed, and early Series A teams shipping their first product and needing to validate security before paying customers arrive.
MVP
MVP and pre-launch teams
Small dev teams about to ship a new product who want an independent set of eyes on auth, APIs, and the obvious failure modes before launch day.
Indie
Indie founders and small dev teams
Solo founders and 2–10 person engineering teams who want serious security review without hiring a full-time specialist or signing a six-figure contract.
Trust
Startups earning customer trust
Teams closing their first enterprise deals, answering security questionnaires, or preparing for investor due diligence who need credible, third-party security validation.
Why Brighouse Security Labs

Startup pace. Expert depth.

Most security consultancies are built for big corporate buyers — long timelines, long contracts, long invoices. BSL is built the other way around: for founders who need real answers fast, at a price that makes sense for early-stage teams.

You get a single expert who scopes, tests, and reports the whole engagement personally. That means no account managers, no handoffs to junior analysts, and no enterprise consulting markup. Just honest, technically credible security work shaped around how startups actually operate.

Founder-Friendly
Scoped for the stage you're actually at
You won't be sold a 20-day enterprise engagement when a 5-day focused review is what your product needs. I'll tell you what matters now and what can wait.
Fast
Fast turnaround on startup reviews
Most quick audits delivered within 3–5 days of kickoff. Pre-launch pentests typically complete within 1–2 weeks, not months.
Affordable
Clear entry offers, no sticker shock
Fixed-scope packages starting from £300. You know what you're paying and what you're getting before any work begins — no hourly surprises.
Expert-Led
One expert on your engagement, start to finish
The person testing your product is the person writing the report and answering your engineers' questions. No pool of junior analysts, no dilution.
Practical
Remediation guidance your devs can act on
Clear reproduction steps, concrete fix suggestions, and a free retest once your team has patched. Built to be useful, not just thorough.
Methodology
Research-backed
Published methodology, not marketing
Engagements follow OWASP WSTG, PTES, and manual testing principles grounded in peer-reviewed research published via the University of East London. The approach is documented and defensible.
Delivery
Manual Testing
Not scanner output in a PDF
Every finding is manually verified with reproduction steps your engineering team can actually follow. Scanners are a starting point, not the deliverable.
Included
Free Retest
Verify your fixes at no extra cost
Once your team has remediated the findings, I retest them for free and confirm they're resolved. Startup-friendly delivery — no extra charge for the thing that actually completes the work.
What You Receive

Trust through process, not promises.

Rather than testimonials, here is exactly what every engagement produces — so you know precisely what you're buying before you commit. Each deliverable is tangible, reviewable, and included in the fixed scope.

Deliverable 01

Security Findings Report

Clear, prioritised findings with severity ratings, reproduction steps, and business impact. Written so your engineers can verify each issue in minutes — no consultant required to translate it.

Manual expert-led · Sample available
Deliverable 02

Actionable Fix Guidance

Concrete remediation steps your developers can act on immediately — often down to the code-level suggestion. Designed so small teams can close issues quickly, without research or guesswork.

Practical · Code-level where relevant
Deliverable 03

Verification Retest

Free validation of your fixes once remediation is complete. Confirms the issues are actually resolved — useful to show investors, customers, or enterprise prospects during due diligence.

Included in every engagement
Deliverable 04

Founder-Friendly Delivery

Results explained in practical business terms alongside the technical detail. A short summary your co-founder, investor, or non-technical stakeholder can read without needing a security background.

Two audiences · One document
Deliverable 05

Fixed-Scope Engagement

A signed, written scope agreed before any work begins. You know the price, the timeline, and exactly what is being tested — no hourly surprises, no scope creep, no enterprise contract complexity.

Transparent · Signed upfront
Deliverable 06

Research-Backed Methodology

Testing follows OWASP WSTG and PTES, grounded in peer-reviewed research published via the University of East London. The approach is documented and defensible — not just stated expertise.

OWASP WSTG · PTES · Published research

Sample deliverables available on request · get a fixed quote

How It Works

Simple process. No surprises.

A lightweight five-phase workflow applied consistently across every startup engagement. You know what to expect at each step, what you'll get at the end, and roughly when — before any work begins.

OWASP WSTG · PTES · Manual Testing · OWASP Top 10 · Clear Reporting · Free Retest
Phase 01
Quick Scoping Call
A short, no-obligation call (20–30 minutes) to understand your product, your stage, and what you're actually worried about. I'll recommend the right package for you — even if it's the smallest one.
30 min call · No obligation · Honest advice
Phase 02
Fixed-Scope Agreement
A simple written scope with targets, timeline, and fixed price. You know exactly what's being tested and what you're paying before anything starts. No hourly surprises, no scope creep.
Fixed Price · Clear Targets · Signed Scope
Phase 03
Manual Testing
Hands-on testing of the things that actually break SaaS products: authentication, roles and permissions, APIs, and business logic. Manual-first, with scanners as a supporting tool — never the main act.
Burp Suite · Manual PoC · OWASP WSTG · API Testing
Phase 04
Clear Reporting
A short, readable report with prioritised findings, reproduction steps, and concrete fix suggestions. Written so your developers can act on it directly — not so a consultant has to explain it.
Prioritised · Reproduction Steps · Fix Guidance
Phase 05
Free Retest
Once your team has remediated, I retest everything for free and confirm the fixes work. Included on every engagement — because a pentest isn't really done until the bugs are actually closed.
Included · Fix Verification · Sign-off
What You Receive

Clear deliverables on every engagement.

Designed to be useful: a short summary your co-founder or investor can read, and a technical write-up your engineers can act on directly.

01
Short Summary
A plain-language overview of what was tested, what was found, and what matters most. Readable by a non-technical co-founder, investor, or customer.
02
Technical Findings
Each finding with clear reproduction steps, severity rating, and request/response evidence so your developers can confirm the issue in minutes.
03
Remediation Guidance
Prioritised fix list with concrete suggestions — often code-level. Designed so small teams can close issues quickly without guesswork.
04
Free Retest & Sign-off
After remediation, I retest everything for free and confirm the fixes. Great for showing to customers, investors, or your next enterprise prospect.
Technical Approach

Industry-standard tools, manual expertise.

The tooling stack used on startup engagements — focused on the things that actually break early-stage SaaS products. Scanners are used as a starting point, never the deliverable.

WEB · Web & SaaS Testing
Burp Suite Pro
Intercept proxy, manual request manipulation, auth and session analysis, custom payloads
Manual Auth Testing
Login flows, password reset, session handling, role boundary testing, IDOR hunting
Ffuf / Gobuster
Endpoint discovery, hidden route enumeration, parameter brute-forcing
SQLMap
SQL injection detection and controlled exploitation on database-backed endpoints
wfuzz / arjun
Hidden parameter discovery and REST/GraphQL API fuzzing for SaaS backends
API · API & Business Logic
Postman / Insomnia
Authenticated API flow testing, token manipulation, role-based access validation
Business Logic Review
Manual review of payment flows, multi-tenant boundaries, workflow abuse cases
JWT & Token Analysis
Token structure review, signature validation checks, session-handling flaws
GraphQL Tooling
Introspection, query complexity abuse, field-level authorisation testing
Rate-Limit Testing
Abuse vectors on signup, login, and sensitive endpoints — critical for SaaS
EXT · External & Cloud Exposure
Amass / Subfinder
Subdomain enumeration and DNS mapping to find forgotten assets and shadow IT
Nmap
Port scanning, service version detection, exposure mapping on public-facing infrastructure
Shodan / Censys
Passive asset discovery — find what's publicly reachable without touching your infra
SSL & Header Checks
TLS configuration review, security header audit, cookie flag validation
Cloud Misconfig Checks
Exposed S3 buckets, public storage, misconfigured CORS, leaked credentials in metadata
Public Credibility

Documented work, not stated expertise.

FAQ

Common questions from founders.

Answers to the questions startup founders ask most often when they're considering their first real security review.

Still have questions? Every engagement starts with a no-obligation 20–30 minute call. Use the form below to get in touch — I respond within 24 hours.

We're small — is this really for startups like us?
Yes — that's exactly who I built these packages for. Pre-seed, seed, and early Series A SaaS teams. If you're a 2-to-10-person team shipping an MVP or preparing for your first real customers, the Quick Audit or Pre-Launch Pentest is almost certainly the right starting point.
How much does a startup review cost?
Fixed-scope startup packages start from £300 for a Quick Audit. Pre-Launch Pentests and attack surface reviews are priced higher depending on scope, but always as a fixed quote — you know the number before any work begins. Retainers are billed monthly and can be cancelled at any time.
How fast can you turn something around?
Quick Audits typically deliver in 3–5 days from kickoff. External Attack Surface Reviews are similar. Pre-Launch Pentests usually take 1–2 weeks depending on the size of your product. If you have a hard deadline — an investor call, a customer due-diligence window — tell me upfront and I'll let you know honestly whether I can hit it.
Will testing break our production environment?
Testing is controlled and non-destructive, and scheduled around agreed windows. For production-sensitive SaaS, I usually recommend testing against a staging environment where possible. We'll agree the approach during scoping so there are no surprises.
What happens after the report is delivered?
Once your team has remediated the findings, I retest them for free and confirm they're resolved. This is included on every engagement — you're not paying extra for the step that actually closes the loop. The clean retest is useful to show investors, customers, or enterprise prospects.
Do you sign NDAs?
Yes — every engagement operates under a signed confidentiality agreement. Your product, your findings, and your engagement details are never shared or referenced publicly without your explicit written consent.
Find the vulnerabilities before your customers do.
Tell me about your app and I'll recommend the right review for your stage — with a fixed-scope quote before any work begins. If your situation doesn't need a full engagement, I'll tell you that too.
No commitment required · Fixed-scope quote upfront · Response within 24 hours
Get a Fixed Quote

Tell me about your app.

Share a few details and I'll reply within 24 hours with a recommended review, a fixed-scope quote, and a realistic timeline. No obligation, no enterprise sales process — and if your situation doesn't need a full engagement yet, I'll tell you that too.

What happens next: I reply within 24 hours with a recommended package and a fixed-scope quote. If you'd like a quick call first, we can schedule 20–30 minutes. No commitment required, no minimum spend, no enterprise contract complexity.


Handled confidentially. Never shared with third parties.