About Black Trace Labs

Q: Do you work with startups and SMBs?

Yes. We tailor scopes to fit a company’s stage and risk profile.

Q: Will you sign an NDA and handle sensitive data?

Yes. We routinely work under NDA and maintain strict data-handling procedures.

We’re a Fort Worth–based security & engineering studio helping teams ship faster—and safer. 25 years of senior web engineering + 8 years of offensive security, wrapped in plain‑English communication and dependable delivery.

Start a Conversation Explore Services

Our Story

Black Trace Labs began with a simple belief: security is a product feature, not an afterthought. After two decades building and scaling web apps, we kept seeing the same pattern—teams racing to ship, then patching security gaps in crisis mode. We built a studio that flips the script.

Today, we partner with founders, marketing leaders, and engineering teams to create fast, secure experiences. We threat‑model features before they launch, automate checks in CI/CD, and validate with hands‑on testing. That blend of craft + discipline is how we deliver reliability you can feel.

✔ Founded: 2025 — Fort Worth, Texas (U.S. owned & operated)
✔ 25+ years web engineering • 8+ years ethical hacking
✔ No offshoring • Clear scopes • Proof‑driven outcomes

Mission

Help organizations build trustworthy digital products by uniting senior software engineering with real‑world offensive security— delivering measurable gains in speed, stability, and safety.

Values

Reliability

Predictable timelines, disciplined process, documented work. We show our math.

Honesty

Plain‑English status, sober estimates, clear scopes. No surprises—good or bad.

Craft

We sweat details: performance budgets, secure defaults, and maintainable code.

Respect

For users, for data, for your time. We leave systems and teams stronger than we found them.

Leadership

Aubrey Love II / “Crypt0r”

Founder • Principal Security Engineer & Full‑Stack Developer

Ethical hacker and senior engineer with a track record across web, API, and mobile surfaces. Blends hands‑on pen testing with developer‑grade remediation, so fixes land fast and stick.

Offensive Security: web/API pen‑test, recon, authz/authn, SSRF, RCE, IDOR, data exposure
Engineering: PHP/Laravel, Node/Express, React/Next, SQL (MySQL/Postgres), Docker, CI/CD
Marketing & VO background for clear communication with non‑technical stakeholders

Our Method

Secure Build

Threat modeling at kickoff
“Secure by default” patterns & secrets hygiene
Performance budgets & Core Web Vitals targets
CI/CD with linting, tests, SCA/SAST where applicable

Offensive Validation

Recon (amass, subfinder, httpx), endpoint inventory
OWASP Web & API Top 10 focused testing
AuthZ/AuthN abuse, session & state testing
Actionable reports with PoC & prioritized fixes

Remediate & Re‑test

We implement or pair with your team, then re‑test to confirm closure and provide artifacts for audits & stakeholders.

Stacks & Tooling

Security

Burp Suite, amass, subfinder, httpx, nmap, Nikto, ffuf, gobuster, sqlmap, xsstrike

Methodologies: OWASP (Web/API), ASVS‑informed checklists, safe‑harbor discipline

Web & API

PHP/Laravel, Node/Express, Python (FastAPI/Django)

React/Next, Vue/Nuxt, MySQL/PostgreSQL, Redis, Docker, GitHub Actions

Mobile

React Native / Flutter

Secure API design, token strategy, app hardening, cert pinning

Outcomes We Aim For

↓ 80%+

Critical & high‑severity vulns within 60 days*

90–100

Lighthouse performance targets on key pages*

≤ 7 days

Average time‑to‑remediate for P1/P2 after report*

Community, Ethics & Safe Harbor

We participate in responsible disclosure programs and follow safe‑harbor rules. Research is performed against in‑scope assets with explicit authorization. No social engineering. No service disruption.

Responsible disclosure with coordinated remediation
Privacy‑respecting testing practices
Clear, reproducible PoCs and re‑test support

Giving Back

We aim to mentor early‑career technologists and contribute tooling/checklists that improve the security ecosystem.

FAQs

Absolutely. We tailor scopes to fit a company’s stage and risk profile.

Yes. We routinely work under NDA and maintain strict data‑handling procedures.

No. We are U.S. owned & operated in Fort Worth, Texas. Work is delivered in‑house.

Let’s Build Something Secure

Whether you need a secure build or an in‑depth pen test, we’ll meet you where you are.

Request a Free Consult See What We Do