What Veyra does.
Service definitions, scope boundaries, and approved naming conventions. Each service has a deep page describing what it covers, what we need from you, how it runs, what the deliverable is, and what we will not claim. Engagement specifics are documented in a Statement of Work after intake.
- gray-box-api-penetration-test
Gray-Box API Penetration Test
Authenticated assessment of a REST or GraphQL API against the OWASP API Security Top 10 and provided documentation. Per-role coverage and object-level access checks.
- application-security-assessment
Application Security Assessment
Gray-box assessment of a web application's authentication, authorization, business logic, and data handling. Manual validation with tool-assisted discovery.
- web-application-penetration-test
Web Application Penetration Test
Full-coverage application assessment when source-assisted access is not available.
- api-security-assessment
API Security Assessment
Targeted review of an API surface, integration boundaries, and webhook authenticity.
- security-evidence-pack
Security Evidence Pack
Marketplace-ready or vendor-questionnaire-ready evidence assembled from prior assessment work — Amazon SP-API, CASA, SOC 2 readiness.
- remediation-verification
Remediation Verification
Targeted retest against a remediated finding set, with a retest letter suitable for marketplace and reviewer submission.
- marketplace-security-readiness-review
Marketplace Security Readiness Review
Pre-submission review for marketplace and platform security questionnaires, including documentation-gap remediation guidance.
Read a redacted sample report, or describe the system you want assessed.
Engagement requests receive a reply from a named assessor within one business day.