Code Security By Coders
research / testing / Development / training
Our Story.
Founded in 2017, Redpoint Security is an application security consulting firm that is focused on all aspects of code security, whether through process improvement, framework research, or traditional application penetration testing. As speakers, contributors, and developers, our consultants have at least a decade of experience in the information security industry.
Redpoint Security consultants are experts in various application security fields and provide a wide-range of services. Whether you need secure code review (open box assessments), penetration testing (closed box), or process improvement (SDLC reviews), we speak your language. If you are looking for code security expertise to build or break applications, to train developers on secure coding techniques, or to analyze a security program for gaps, we can help.
Security Research, % 90
Security Consulting, % 100
Security Development, % 75
Security Training, % 100
Redpoint Security consultants have assessed applications from across the development spectrum (e.g. Java, .Net, JavaScript, C/C++, Python, Go, Ruby) on a multitude of platforms and technologies (e.g. AWS, Azure, GCP, SAP, Linux, Windows, Salesforce). We are experts in breaking down these custom applications, environments, and platforms to the security basics in order to identify any security issues.

Information Gathering

Redpoint Security starts all assessments striving to understand the application’s purpose and risk. Depending on the activity, this phase may include an initial review of application source code, discussions with developers, a high-level look at application use-cases, and digging in to any application documentation.

Vulnerability Identification

Redpoint Security utilizes data obtained during the information gathering phase to explore all possible security vulnerabilities across the identified application surface. This discovery process is based on industry best practices in combination with our experience and expertise in finding application flaws.


Our reports document all vulnerabilities found during the assessment, no matter the associated severity or risk. Each documented finding will describe the issue in full detail with steps necessary to replicate our discovery and include actionable items for remediation.

Redpoint provides a wide range of application security services


Also known as an application security assessments (“ASA”), dynamic assessment, or application penetration test, this assessment evaluates the existing security controls that protect an application within its intended environment. Most commonly performed against web applications, but also against mobile, cloud, and API-only applications.


An open box assessment, static code assesssment, or secure code reviews (“SCR”) is designed to help a Client’s development team build more secure software. This assessment may use both automated tools and manual techniques to identify vulnerabilities and does not require access to client environments.


Also known as a Hybrid Application Security Assessment (“HASA”) or source-assisted assessment, this assessment combines the techniques used in dynamic and static assessments. This combination of knowledge provides a more complete view of the running application, with the main benefit of eliminating false positives.


Redpoint consultants use their years of security and development experience to tailor training courses for software developers. Each course features custom-developed, intentionally vulnerable applications to demonstrate the exploitation and remediation of vulnerabilities. These courses take a hands-on, real world approach.


Co-host of Absolute AppSec - soccer hooligan
Seth Law
Principal Consultant


Developer turned security pro. May be found overlanding.
Justin Larson
Senior Security Consultant
Scroll Up
 Previous  All works Next