We take time to understand the components that we test, placing focus on their Logic and Integrations.

We care about quality.

And deliver high quality results.

The Kulkan way.

Wow Factors

We culturally place a huge amount of energy on understanding technology as opposed to becoming button-clickers and merely running tools. In every single project we're after what we call "Wow Factors" - helping us raise the bar by identifying non-trivial vulnerabilities.

Meetings and Collaboration

We strongly believe in having as many meetings as necessary to get familiarized with the architecture and use-cases of the solutions that we test. We also have, per project, a good amount of internal meetings to brainstorm ideas and draft potential attack vectors.

Detailed testing plans

Planning is one of our strengths. Project plans get updated by our team daily and shared with your team regularly (weekly, monthly and annually!).

Preserving Context

Our methodolgy and process enables us to preserve key context and information in between rounds of testing. It's a whole different experience than using a partner that starts from scratch every time.

Adaptable testing

We are prepared and so is our methodology to adapt our testing using Production or Sensitive environments.

Keeping your team Focused

We can work with application teams directly, or collaborate with your existing security team. Our experience and love for detail helps deliver zero false positives and high quality deliverables.

A simple four step engaging process.

Scoping and Scheduling

We can help estimate and define the scope of work. We’ll prepare and share a work proposal document. Slots in our schedule are only locked once a work proposal is approved and signed.


We’ll create a Kulkan Footprint of your APIs. We’ll establish a bridge between both parties and share detailed weekly updates.


We’ll share with your team a report in multiple formats via our proprietary secure file transfer method. Our team will then preserve context and new knowledge to seal the Kulkan Footprint of your APIs.


We can help you validate fixes to any of the findings that we’ve reported. Talk to us in order to schedule either a subsequent round of testing or an isolated project for validating fixes.

We are CREST Accredited in Penetration Testing

Working with professional, experienced security consultants and penetration testers who are awarded the CREST accreditation, grants your company a level of independent assurance over the services being delivered.

What is CREST?

CREST is the international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence services, and Security Operations Centre (SOC) services.

A flexible vessel for communicating risk.

Please discuss your reporting needs upfront if you’re looking for a specific type of Report.
We’ll be happy to try our best!

We facilitate collaboration

By joining your Ticketing system

In addition to or in replacement of the report deliverable, our team can submit findings to Rally, JIRA, Github, and more.

By joining your Chat platform
(eg. Slack, Telegram, Signal)

We welcome communication and therefore our team will be happy to jump on a shared channel or authenticate to your infrastructure.

Happy customers include:


Get a Quote
We look forward to hearing from you.