Whilst traditional testing is performed looking for instances of the common type of web flaws (SQLi / XSS, CSRF) and misconfigurations of servers / applications, Securatary provides a very hands on manual approach to web application security audits.
There are excellent vulnerability scanners and code scanners available on the market and it is likely that you may have already run these against your own applications prior to any third party security testing. Whilst these products are a great resource for the discovery of classic web vulnerabilities, ones that could lead to a full compromise of your server and data, they fall short of finding application / business logic flaws and struggle with insecure direct object access vulnerabilities. Some good examples of these types of issues can be found here.
If you are already considering a security audit, Securatary can complement your existing security provider during testing focusing on these issues and is priced accordingly
If you have already had an audit and feel these types of issues were over looked or should be re-examined, Securatary can provide this for you.