Software Consulting & Technical Audit
For non-technical founders, investors evaluating a target, or CTOs who need a second opinion. We audit code, architecture, teams, and product, with no jargon and a concrete action plan.
Types of consulting
Code & architecture audit
Code quality assessment, tech debt, security, performance. Report with prioritized fixes.
Technical due diligence
For investors or acquirers. Risk, IP, vendor lock-in, scalability, key-person dependencies.
Fractional CTO
8-20 hours/month CTO expertise. Hiring, architecture, code review, mentorship. Pre-Series A.
Cloud migration
From on-premise to AWS/GCP/Hetzner. Or between clouds. Cost optimization, security baseline.
Legacy modernization
Extraction plan from PHP 5/jQuery/Symfony 2. Step-by-step, no big-bang rewrite.
Stack selection
For new projects: which stack to choose based on team, scale, budget. Neutral recommendation.
Technical audit — what we evaluate
1. Code quality
- Code style consistency, lint warnings, TypeScript strict mode
- Cyclomatic complexity, file size, duplication
- Test coverage (unit, integration, e2e)
- Code review process: exists? working?
- Git history: commit hygiene, hotfixes on master, branch strategy
2. Security
- OWASP Top 10: SQL injection, XSS, CSRF, broken auth, etc.
- Vulnerable dependencies (npm audit, Snyk)
- Secrets in repo (gitleaks scan)
- Cloud permissions: IAM, S3 buckets, exposed endpoints
- Compliance: GDPR, PCI DSS if processing payments
3. Architecture & scalability
- Bottlenecks: DB queries, N+1, no caching, no pagination
- Infrastructure bottlenecks: SPOF, no auto-scaling
- Vendor lock-in: how hard to move from AWS to GCP?
- Cloud costs: typical 20-50% optimizations through reserved instances + cleanup
4. Team & process
- Bus factor: how many people know critical systems? (target: minimum 2)
- Onboarding: how long for a new dev to ship their first feature?
- Documentation: README, ADR, ops runbook?
- CI/CD: auto deploy, rollback, observability
5. Product & UX
- Core Web Vitals (LCP, INP, CLS) — affect SEO + retention
- Accessibility (WCAG 2.1) — mandatory in EU for public sector
- Mobile experience: actually responsive, not just «works on mobile»
Consulting packages
Audit Express — €1,500 / 2 days
- 1-2 days code + architecture review
- Executive report 5-10 pages
- Top 10 prioritized issues
- 60-min discussion call
Audit Standard — €5,000-€8,000 / 1-2 weeks
- Complete code review, threat modeling
- Detailed report 30-50 pages
- Full fix backlog (CRITICAL → LOW)
- 2 discussion calls + 30-day email follow-up
Technical Due Diligence — €8,000-€25,000 / 2-4 weeks
- For funds / acquirers
- 360° evaluation: code, security, IP, team, product, infrastructure
- Report for investment committee
- Q&A session with target management
- Risk score + go/no-go recommendation
Fractional CTO — €2,000-€6,000 / month
- 8-20 hours/month strategic expertise
- Hiring (technical interviews, candidate evaluation)
- Key architecture decisions
- Code review & senior mentorship
- Board reporting on technical side
FAQ
How much does a technical audit cost?
Audit Express: €1,500 (2 days). Audit Standard: €5,000-€8,000 (1-2 weeks). Complete Due Diligence: €8,000-€25,000 (2-4 weeks).
For investors — what deliverables do we get?
Executive report for investment committee, detailed technical report for technical advisors, scoring on risk areas, go/no-go recommendation with conditions.
Are you objective or trying to sell us development?
The audit is a separate, neutral product. We don't propose follow-up development unless explicitly requested. Many clients come for an audit, get a plan, and execute it with their internal team.
Do you sign an NDA?
Yes, before any access to code / confidential information. Our standard NDA or yours.