SAN DIEGO, Calif. — ComSec Inc. is so confident it'll find vulnerabilities in any credit union's Internet-facing and e-commerce applications that the client doesn't have to pay if none are found, the company said.

The San Diego-based security specialist (www.comsecinc.com) said it is staking the claim because the cost of code analysis may be keeping organizations from “diving deep into custom and off-the-shelf” Web applications.

“Credit unions want to ensure their assets are secure. ComSec is providing the means to provide expert-level analysis at a fiscally prudent price,” said CEO Jeromie Jackson, who said his client list includes financial services, healthcare, biotech and energy organizations.

Jackson said his company's Web application assessments focus on and recommend mitigations for technical vulnerabilities he said are often found in commercial and custom applications, including cross-site-scripting (XSS), race conditions, delimiter errors, SQL injections and other vulnerabilities cited by the Payment Card Industry (PCI) Data Security Standard (DSS).