Security consulting.

We provide penetration tests, source code audit and vulnerability assessment.

Our priorities:

Our clients: Stripe, Skrill, Movile, Virool, ExpressVPN, Par8o, Buffer, QuizUp, Bitcoin-Central.

Greg Brockman from Stripe:
As a payments company, security is core to everything Stripe does. I've worked with Egor both through his responsible disclosures as well as a contracted penetration test of Stripe. Egor has always been professional and responsible in his work, and Stripe today is more secure due to his efforts.

Sunil Sadasivan from Buffer:
We’ve been working closely with Egor to identify key weaknesses within our app. Egor is an expert and industry leader in identifying oauth weaknesses. He has helped us identify and resolve potential security holes such as xss, account hijacking, and access token leaking.

Igor Ribeiro from Movile:
At any case, I hired him fairly recently for a security audit and he worked quickly, and was very effective (he found several important vulnerabilities and reported them in a crystal clear manner). He was also a pleasure to deal with (no bullshit stance, something I find enjoyable).

David from Bitcoin Central:
Massive thanks to @homakov for taking the time to thoroughly audit & pentest our platform!

Sometimes we find various vulnerabilities in popular websites and frameworks just for fun. Let's mention some of them.

Some interesting posts:


For startups: don't rush, make sure competitors or bad guys won't screw your bright future up after the launch.

For established websites/SAAS: stability is a great thing, but it doesn't prove that your app is completely safe. Express audit is the only possible way to always sleep well.

For critical services: Even if there are no blatant issues, we will find optimizations (e.g. cookies, domains management, authentication flow) to make defense deeper.

Upon completion of our audit we provide you a comprehensive report. It will be just a list of issues we found and explanations of how to fix them. On top of that we mention all the vectors and attacks we tried, so you will know exactly how secure your app is.

Let's find the bugs others cannot find.


Reach us out if you want to learn how our security audit can help your business or if you have any questions.

We're @homakov (blog), @isciurus (blog), @paulmillr (blog)

Sakurity = Sakura + Security. Our work is beautiful like a flower.