2Gen — Success with technology
// AI APP SECURITY

AI writes functional code. Not necessarily secure code.

An independent two-pass penetration test built for apps developed with Claude Code and AI-assisted tools — fixed price, your schedule.

// THE PROBLEM

Five patterns AI introduces. All of them missed before go-live.

Authorisation Gaps

Roles enforced in the UI, absent at the API — where attackers actually operate.

Hardcoded Secrets

API keys and credentials embedded in source files and repositories.

Injection Flaws

Unsafe input handling passed to databases or shells.

Insecure Defaults

Debug modes and verbose errors left on in production.

Repeated Patterns

One insecure pattern becomes dozens of identical vulnerable endpoints.

Average Australian SMB breach: ~$46,000 in direct costs — before reputational damage, customer churn, and Privacy Act exposure. A two-pass assessment costs a fraction of that.

// HOW IT WORKS

Two passes. One price. Nothing slips through.

PASS 1
Full pentest

3–5 days testing in final dev. Every finding CVSS-rated.

DEV TEAM
Remediation

Your team fixes on their timeline — we don't rush you.

PASS 2
Re-test

1–2 days confirming fixes held before go-live.

SIGN-OFF
Certificate

Written confirmation for clients, auditors and insurers.

Grey-box testing — we operate as a logged-in user targeting stolen credentials, privilege escalation and business-logic flaws. Deepest coverage for the budget. Issues caught in build cost a fraction of post-deployment fixes.

// WHAT YOU RECEIVE

Reports that stand up to clients, insurers and boards.

Findings report

Every issue CVSS-rated with evidence, business impact, and fix steps. AI patterns called out explicitly.

Executive summary

One-page risk posture overview. No technical background required to act on it.

Re-test certificate

Written sign-off that fixes held — for clients, auditors and cyber insurers.

// INVESTMENT
$3,500
$6,500

+ GST · both passes included

  • Pass 1 + Pass 2 — one price, no surprises
  • Full OWASP / NIST / CVSS methodology
  • All reports, summary & re-test certificate
  • AI-specific vulnerability review

Pricing scales with complexity — simple apps at the lower end, multi-role platforms with APIs at the upper end.

We use Claude Code ourselves and support clients building with it. We know exactly which security patterns it introduces and which ones it misses. This service was built specifically for how software is now being built.

STANDARDS COVERED
OWASP WSTG v4.2OWASP Top 10 (2021)OWASP API Top 10OWASP ASVSNIST SP 800-115PTESCVSS v3.1ACSC Essential Eight

Ready to scope? One call, one hour.

Tell us what you've built, the user roles involved, and when you're targeting go-live — we'll fit around your schedule.