Services

Source Code Security Review

An AI agent reviews your code for potential vulnerabilities. I triage what's actually exploitable, run the program to check it works correctly, and hand you back suggested fixes.

AI-automated review

By Dimas Maulana, CTF player and security researcher.

An AI agent reviews your whole codebase for potential vulnerabilities. I triage what it finds, flag the ones that are actually exploitable, and send back suggested fixes. I also run the program to confirm it works correctly and that the fixes don't break anything, so you don't just get a list, you get patches you can merge with confidence.

  • An AI agent reviews your whole codebase, fast
  • Potential vulnerabilities surfaced, with the exploitable ones flagged
  • Dynamic checks that the program runs and works correctly
  • A suggested, ready-to-merge fix for each finding
  • Reports written in plain words you can act on
Starting at $99

about Rp 1.780.000 per project, scoped to your codebase size

Every project ships as a full report, in Markdown and PDF.

Real findings from a scan of this very site, already patched.

How it works

1. Share your code

Send a private GitHub or GitLab invite, or just zip it up and email it over. NDA on request.

2. Review and run

An AI agent reviews your codebase for potential vulnerabilities, and I run the program to check it behaves correctly. I triage the results and flag the ones that are actually exploitable.

3. Report and fixes

You get a plain-English report in PDF and Markdown, with a suggested fix for every finding.

What you get

  • Your whole codebase reviewed by an AI agent
  • Potential vulnerabilities surfaced, with the genuinely exploitable ones flagged
  • Dynamic checks that the program runs and works correctly
  • A suggested, ready-to-merge fix for each finding
  • One free re-test after you apply the fixes

Scope and limits

  • Static code review plus dynamic checks that the program runs correctly
  • No live production or infrastructure penetration testing
  • Languages: JavaScript and TypeScript, Python, PHP, Go, and most web backends
  • Turnaround is usually 1 to 2 days when I'm not busy
  • Patches are provided as-is, so test before you deploy

Your code stays private

I review your code in an isolated workspace, never share it, and delete it after delivery on request. NDA available on request, and you can send your code however is easiest, a repo invite or a zip over email.

Questions

Is this just an automated scanner?

It is AI-driven, but I triage every finding by hand and tell you which are actually exploitable, which are only potential, and which are just hardening. You get a reviewed report, not a raw tool dump.

What if you don't find anything?

You still get a report of everything the review checked, plus hardening notes. I won't pad it with findings that are not real.

Which languages do you cover?

JavaScript and TypeScript, Python, PHP, Go, and most web backends. Ask if yours is not listed.

How do I send my code?

A private GitHub or GitLab invite works best, but a plain zip over email is fine too. Whatever is easiest for you.

How does payment work?

We agree on the scope and price first, then you pay by bank transfer or your preferred method before I start.

Start a review

Message me to scope your project, then share your code however is easiest, a repo invite or a zip over email.