Software testing and QA
We test the software you bought from someone else. Or the one you're about to buy.
Independent QA, tech audits before acquisition, and HIPAA security reviews. We find what breaks before your patients or customers do.
What we test
Six engagements we take on.
Tech audit before acquisition
You're about to pay for a software company. We spend a week with the codebase and tell you what you're actually buying: debt, security gaps, and all.
HIPAA security review
We test your healthcare software against the HIPAA Security Rule technical safeguards. You get a written report your compliance officer can act on.
Regression testing
New release broke something? We build and run a test suite so your team catches it before your users do.
API and integration testing
We test the surface area between your systems: EHR integrations, payment processors, external APIs.
Load and performance testing
How does your app behave at 3x normal traffic? We find the ceiling before launch, not after.
Prompt injection and AI security
Running an AI feature? We test it for prompt injection, data exfiltration, and output manipulation. See also: honeypot-med.
How it works
What a testing engagement looks like.
Scoping call
We spend 30 minutes understanding what you need tested and why. You leave with a fixed-price quote and a scope document.
Access and setup
You give us read access to the relevant system, codebase, or environment. We set up our testing toolchain on our side.
Testing sprint
We run the engagement over 5 to 10 business days depending on scope. You get weekly progress updates if it runs longer than a week.
Report and remediation
You get a written report with severity-scored findings and reproduction steps. We retest fixes at no extra charge.
Deliverables
What you get back.
When NOT to use this service
Not every app needs a formal QA engagement.
Your app has no user data and no payments.
If there's nothing sensitive to protect and no real transactions happening, an informal review is enough. Save the budget for when stakes are higher.
You're still in active development.
If the codebase is changing weekly, a testing report goes stale before you act on it. Finish the core build first, then call us.
You want someone to write the code too.
We test. We don't fix. If you need the issues remediated, that's a Build engagement. We can refer you or scope both together.
Investment
Fixed-price testing.
Security review
$2,500 to $5,000
HIPAA, AI security, or general web app. Scoped after a 30 min discovery call.
Acquisition tech audit
$5,000 to $12,000
Full codebase, infra, and security review. One week of access to the target system.
Ongoing QA retainer
$1,500+/mo
We run regression tests on every release. You never ship blind.