Question 1

Why do you need my source code?

Accepted Answer

Source code access allows our consultants to perform white-box testing, which is significantly more thorough and efficient than black-box testing. Combined with AI enhanced static analysis, we identify more vulnerabilities in less time. This efficiency is what enables our flat-rate pricing.

Question 2

How is my source code protected?

Accepted Answer

Your code is transferred via encrypted channels and stored in an isolated, access-controlled environment for the duration of the engagement only. Access is restricted to the assigned consultant. Your code is never used to train AI models. All code is permanently deleted on completion and a deletion certificate is provided.

Question 3

What does the flat rate include?

Accepted Answer

The $5,000 flat rate includes AI enhanced SAST analysis, manual penetration testing by an expert consultant, a comprehensive report with code-level remediation guidance, and a post-engagement debrief call. A 10% discount is available on all Realize Security services when paid upfront. No hidden costs, no day-rate padding.

Question 4

How long does the test take?

Accepted Answer

Typical turnaround is 5-10 business days from receiving source code access, depending on the application complexity. The final report is delivered within 3 business days of testing completion.

Question 5

What if my application is very large or complex?

Accepted Answer

Our flat rate covers the majority of standard web, API, and mobile applications. For exceptionally large or complex applications, we will discuss scope during the initial consultation and provide a transparent quote before any work begins.

Question 6

How does the scoping process work?

Accepted Answer

We meet with business and technical stakeholders to understand the application, its risk profile, and any specific concerns. We agree the scope in a Statement of Work (SoW), sign an NDA, and arrange secure source code transfer. Our flat-rate pricing means no surprises.

Question 7

What can I expect in the report?

Accepted Answer

All reports contain a high-level executive summary as well as detailed technical descriptions of each finding. Because we have source code access, findings include specific code references and remediation guidance tailored to your language and framework. No generic advice.

Frequently Asked Questions