We recon, hack and protect your website

from a real-world attacks in a hacker's perspective, report it to you in a very detailed and understandable way.


We're a startup.

Invalid Web Security, formerly a group now a security consulting firm, established in 2013.

They are comprised of Filipinos who are interested and skilled in web application security. Individually, they are acknowledged and rewarded by Facebook, Google, Microsoft, Yahoo, Twitter and other big companies.

Their mission is to secure the business operation of its clients by finding vulnerabilities with high quality reports in a very detailed and understandable way.

Keeping up with technological advancements can be overwhelming, and you can't be an expert in everything. You need reliable and trustworthy Application Security advice, Web and Mobile application security.

We specialize in:

Vulnerability Assessment and Penetration Testing using standard methodologies like Open Web Application Security Project Top 10, Open Source Security Testing Methodology Manual, and Information Systems Security Assessment Framework.

Our Services

Check out the great services we offer

Vulnerabilty Assessment

Vulnerability scanning using commercial and open source scanning tools. This task is performed by running an application [called as the vulnerability scanner] on the website and sometimes includes a range of manual testing with additional tools to further evaluate the security of applications to verify vulnerabilities discovered by the scanning tools.

Web App Penetration Test

Vulnerability discovery through automatic, manual, and custom techniques and Vulnerability exploitation and pivoting to other resources.

A pentest is often broken down into the following phases:

1. Reconnaissance

2. Scanning and enumeration

3. Exploitation (gaining access) and Post-exploitation (maintaining access)

4. Covering tracks

Bug Bounty

Many vendors and websites run bug bounty programs, paying out cash rewards to white hat hackers who report security holes that have the potential to be exploited.

Bug Bounty is also offered by the Invalid Web Security team and reward amounts will vary based on the severity of the reported vulnerability.

Network Pentration Test

The main objective for a network penetration test is to identify exploitable vulnerabilities in networks, systems, hosts and network devices (ie: routers, switches).

Including Re-Testing (re-test the vulnerabilities to verify fixes in network)

Post completion of the activity, a detailed report will be submitted to the client. The report format will be as under:

1. Executive Summary

2. Security Testing Methodology

3. Technical Reports

4. Engagement


Client Reviews

Peter Christopher - CEO at CF Security

Jayson is very capable of finding obvious and subtle security holes and reporting them in a way that a programmer will know how to reproduce and patch those holes. You can trust him, and you will benefit from any time he dedicates to your project.

Nick Sweeting - DrChrono, Developer

Out of all the researchers who have been submitting bug reports to drchrono, Clifford is by far the highest quality reporter. He consistently provides clear, concise, hand-written reports, and works with us to get them resolved quickly. When me make changes or suggestions to reports, he's responded quickly and personally to every one of them. He is a true security researcher, he cares about security of the product more than the bounties, which is why we've happily given him so many of them.

Ivan Leichtling - Yelp Security Team

As part of Yelp's private bug bounty, Clifford has been a huge help. He's uncovered serious bugs that scanners, penetration testers, and our own engineering team didn't discover.

Corina Mansueto - Director of Social Media & Customer Service at Lavasoft

Evan assisted in identifying a vulnerability on our website. He was extremely easy to work with to have this issue resolved in a timely and professional manner. Thanks for all your help Evan, we greatly appreciate it.


Our team is always here to help

First sample avatar image

Jayson Zabate

Founder / Lead - Security Researcher

Fourth sample avatar image

Clifford Trigo

Co-Founder / Application Security Engineer

Third sample avatar image

Jaymark PestaƱo

Co-Founder / Application Security Engineer

Fourth sample avatar image

Roy Castillo

Application Security Engineer / Security Researcher

Fourth sample avatar image

JD Loquias

Backend Security Specialist / AWS Security

Fourth sample avatar image

Paul Biteng

Bug Bounty Hunter / Back-End Developer

Fourth sample avatar image

Mikko Carreon

Cloud Engineer / System Administrator

Fourth sample avatar image

Joenel de Asis

Sr. Technical Developer / Linux System Administrator

Fourth sample avatar image

Evan Ricafort

Bug Bounty Hunter / Security Researcher

Fourth sample avatar image

Jerold Camacho

Bug Bounty Hunter / Security Researcher

Contact Us

Contact us to get started


Metro Manila, Philippines

Your message has been sent. Thank you!