Free methodology papers from the Lorikeet Security research team. Download and use them in procurement, vendor assessments, or just to understand how we work.
Our comprehensive web application security testing approach — covering the full lifecycle from recon to reporting. Aligned with OWASP, ASVS, and PTES.
Emerging methodology for testing AI-powered applications — covering prompt injection, jailbreaking, model inversion, RAG poisoning, and agentic system abuse. Aligned with OWASP LLM Top 10.
Physical and logical security assessment methodology for ATM networks, cash kiosks, and embedded payment systems. Covers XFS protocol, jackpotting resistance, and network isolation.
Understand the Payment Card Industry Data Security Standard: its history, twelve core requirements, merchant tiers, and the changes introduced in v4.0.
Understand ISO/IEC 27001:2022, the key security certifications for technology organizations, the certification journey, and how ISO compliance can be a strategic differentiator.
Understand SOC 2: its origin, the five Trust Service Criteria, Type I vs. Type II distinctions, how to prepare for an audit, and why it's a de facto requirement for SaaS companies.
A practical guide for small and medium-sized businesses: what penetration testing is, why SMBs need it, how to scope the right engagement, and how to choose a provider.
Understand the difference between penetration testing and vulnerability scanning: how they work, what they find, when to use each, and how to build a program that leverages both.
The most common vulnerabilities identified across web application, network, and compliance assessments — with concrete remediation steps to address each category.
How proactive penetration testing moves beyond checkbox compliance to drive sales acceleration, customer trust, cyber insurance positioning, and operational resilience.
A remediation handbook for development and security teams — implementation-ready fixes for the most frequently identified vulnerabilities across web apps, APIs, and infrastructure.
A practical roadmap for startups and growing organizations — covering governance, access control, vulnerability management, incident response, and the path to SOC 2 and ISO 27001.
We tailor our testing approach to your stack, compliance requirements, and risk tolerance. Get in touch to discuss your engagement.