Federacy is a penetration testing and bug bounty platform that provides manual security testing services, primarily targeting startups and growth-stage companies. The company offers human-driven penetration tests for web and mobile applications, APIs, and external network infrastructure, with a stated focus on helping organizations meet compliance requirements such as SOC2, ISO 27001, and HIPAA, as well as satisfying enterprise vendor security assessments. Penetration tests are conducted over approximately three weeks and follow industry-standard methodologies including the OWASP Application Security Verification Standard (ASVS), OWASP Testing Guide v5, NIST SP 800-53A, and the Open Source Security Testing Methodology Manual (OSSTMM). Each engagement involves over 100 hours of manual testing and more than 200 individual security checks, with emphasis on vulnerability chaining, business logic flaws, and authentication and authorization issues. Security researchers on the platform hold certifications including OSCP, OSCE, CISSP, CREST, and CEH. In addition to penetration testing, Federacy offers bug bounty and Vulnerability Disclosure Program (VDP) management. The platform includes tooling for issue tracking, on-demand pentest reports, and letters of attestation that clients can share with auditors or partners. Federacy also provides year-round engagement beyond the active testing window, offering on-demand guidance via Slack covering areas such as security architecture, tooling decisions, dependency risk assessment, and vulnerability remediation. This is positioned as a lightweight outsourced CISO function. Pricing for penetration tests starts at $9,500 USD.