Expert Security Testing & Code Review
Decades of combined experience securing systems worldwide
Comprehensive security assessment and testing across all layers of your infrastructure
Deep analysis of your source code to identify vulnerabilities before they reach production. We examine code at all levels—from application logic to low-level system implementations.
Comprehensive evaluation of your system's security architecture, threat model, and design patterns. We identify structural weaknesses before implementation.
Real-world attack simulation against your applications. We think like adversaries to find vulnerabilities that automated tools miss.
External and internal network security assessment to identify vulnerabilities in your network infrastructure and services.
Specialized knowledge across critical security domains
Modern web frameworks, SPAs, APIs, and complex client-server architectures
C/C++, memory safety, kernel code, embedded systems, and systems programming
Protocol design, implementation review, key management, and cryptographic primitives
Binary analysis, malware analysis, protocol reverse engineering, defeating obfuscation
Machine learning security, prompt injection, model poisoning, adversarial AI
Anonymous communication, metadata protection, privacy-enhancing technologies
Subgraph is an approved supplier of penetration testing and security audit services for the Open Technology Fund Security Lab. For many years, we have been trusted to assess the security of critical tools used by journalists, activists, and human rights defenders worldwide.
Selected security reviews that are publicly available
Security assessment of Tella, a mobile documentation app for human rights defenders in challenging environments. Comprehensive review of the Android application's security architecture and implementation.
Security audit of NetAidKit, a portable network security tool. Analysis covered the system architecture, network isolation mechanisms, and security configuration.
Security assessment of FileZilla, a widely used FTP client. Comprehensive penetration testing and code review of the file transfer application and its security mechanisms.
Organizations that require rigorous security assessment
NGOs, activist organizations, and developers of privacy-enhancing technologies. Tools that protect vulnerable populations require the highest level of security assurance.
Fintech platforms, cryptocurrency projects, and payment systems. We understand the unique threat models facing financial infrastructure.
SaaS platforms, enterprise applications, and critical business systems. Comprehensive security assessment for production systems.
Security-critical open source software, infrastructure tools, and developer platforms. We understand the unique challenges of public codebases.