Federacy is a penetration testing service platform designed for startups and growing companies. It provides manual penetration testing conducted by human security researchers across web applications, mobile applications, APIs, and external network infrastructure. Testing methodology is based on established industry standards including the OWASP Application Security Verification Standard (ASVS), OWASP Testing Guide v5, NIST SP 800-53A, and the Open Source Security Testing Methodology Manual (OSSTMM). Each engagement includes over 100 hours of manual testing and more than 200 individual tests and security checks spanning areas such as authentication, session management, access control, input validation, cryptography, API security, and configuration. Security researchers on the platform hold certifications including OSCP, OSCE, CISSP, CREST, and CEH, and have backgrounds from institutions such as MIT, Carnegie Mellon, CERT, Google, and PricewaterhouseCoopers. Pentests are structured to satisfy compliance requirements for SOC2, ISO 27001, and HIPAA, as well as vendor and partner security assessment requests. Engagements include remediation advice, retesting, and on-demand pentest reports and letters of attestation. Federacy also offers bug bounty and vulnerability disclosure programs. Clients receive ongoing access to security guidance via Slack throughout the year, covering architectural decisions, security tooling, dependency risk, and vulnerability remediation — described as a lightweight outsourced CISO function. Pricing starts at $9,500 USD per pentest engagement.