Who we are?

ThisIsQA is an industry leading penetration testing company
ranked among the very best Google Hall of Fame 0x0A list.

We are an elite team of security experts. Our goal is to find vulnerabilities before hackers do.
Our main specialization is security auditing for web-applications.
Our audits are powered by people, not by automated tools.

What kind of security testing services do we offer?

Asking us to provide the Penetration Testing, Security Audit and Vulnerability Assessment services for your web-application you can simply focus on your core business needs without ever having to worry about threats within your software.

Technical Expertise

Our focus is security audits for web-applications. Our experts are familiar with any vulnerability types that may apply - SQLi and other kind of injections, XSS (Cross Site Scripting), CSRF, Remote File Upload/Execution, Security Misconfiguration, Sensitive Data Exposure, issues with Authentication and Session Management, etc. We produce reports that contains absolutely no false positives.

The Team

First of all, ThisIsQA is a team of security experts. All our pentesters are experienced professionals with a extremely good background in doing security audits. The company's CTO, Nikolay Babiy is listed on the GoogleGoogle Application Security Hall of Fame 0x0A list as one of the best Security Researchers doing security testing of Google products.

Security Testing Services Cost

Penetration testing can't be cheap if it is done qualitatively. Hovewer, we are so sure that there are no web-applications without possibility to find threats - we are always open to work using pay-on-result scheme, e.g. client pays only for vulnerabilities found.

Time Scale

Time is money - and we know how to work within time limits. We are often faced with both situations - when there is a need to conduct the penetration testing for web-applications before public release, and when software is already live, but existing vulnerabilities are being exploited by hackers.

Support and Assistance

During the security audit, dedicated expert teams are available online, by email, and by phone. The reports provided after the test will not only show found vulnerabilities to the client - they will also explain them and provide recommendations on how to avoid similar issues in the future.

Confidentiality and Ethical Standards

We understand how critical the confidentiality and integrity of customer's data is - so yes, of course, we will sign the NDA (Non-Disclosure Agreement). We will never take personal copies of client’s data, never perform unauthorized testing, and will not discuss findings with unauthorized people.

Google Application Security Hall of Fame 0x0A list

ThisIsQA's co-founder and CTO, Nikolay Babiy, is listed on the 0x0A list as one of the best Security Researchers doing security testing of Google products

Security Audit for UniSender

WWorking with Unisender on a regular basis, ThisIsQA is doing security audits for the leading Eastern Europe Email and SMS marketing platform

Penetration Testing services for WMClub

WMClub is an e-currency exchange web-application. ThisIsQA experts acted as White Hats. WMClub found the results of the security audit extremely good and cost effective.