own2pwn

Pentest. Build the tools that were missing.

own2pwn is Maxime Jérôme's solo firm — the tools I wish I'd had when I was a pentester.

On the services side: black-box and white-box web pentests, personally delivered. On the product side: an EASM platform for external attack surface, and an AppSec suite that extends a human-led audit between engagements.

Continuous, contextual, actionable pentesting.

In most organisations, pentesting is still a one-shot event: an annual audit, a report that gathers dust in a drawer, and a six-to-twelve-month gap between two offensive perspectives. That gap is exactly where regressions creep in.

My goal: make offensive testing reproducible between two engagements, without rerunning a full audit at every release.

That's what both own2pwn products aim to do. EASM keeps your exposed-asset inventory up to date. The AppSec suite replays a pentest scope after every deployment and flags regressions. Human engagements stay where they're worth their cost: exploitation, architecture review, contextual judgement.

AI is used to reduce noise (false positives, non-exploitable findings) and to draft reports. The final call — qualifying, prioritising, writing the client-ready version — always goes through a human operator.

The principles behind every product.

Offensive rigor

My personal commitment: test like an attacker, document like an auditor. No cosmetic checklists, no unreproducible findings.

Transparency

Detailed reports with proofs of exploitation, justified CVSS scores, concrete remediation plans. No black boxes — you understand every finding.

Sovereignty

Code, data, and hosting in France. Native GDPR compliance. Your pentest results stay strictly confidential.

Useful automation

AI isn't a marketing gimmick: I use it to cut false positives, prioritise by real exploitability, and focus my time on what requires human judgement.

Three pillars, one offensive approach.

EASM

Continuous mapping of your external attack surface. Forgotten-asset discovery, CVE detection, real-time alerts.

AI-Native AppSec

Contextual SAST, autonomous pentest agent, automated reports. A single platform for modern application security.

Web Pentesting

Black-box and white-box audits personally delivered by Maxime Jérôme, OSWE-certified. Actionable reports, retest included.

From field expertise to product.

Q1 2024

Genesis

A field-driven realisation: too many false positives, too many non-actionable findings, too much overlooked attack surface. own2pwn was born to fix that.

Q3 2024

Prototypes

First AI models trained for contextual vulnerability detection. Iterations against real-world targets and direct field feedback.

Q2 2025

EASM platform

EASM goes to production: asset discovery, continuous CVE scanning, SIEM integration.

Q4 2025

AI-Native AppSec

Launch of the AppSec suite: SAST, autonomous DAST, and report generation in a single console.

Maxime Jérôme — offensive operator, founder of own2pwn.

Pentester by trade, OSWE-certified. I founded own2pwn to bring defensive tooling closer to real-world offensive practice: you don't build a strong security product without having broken systems yourself.

own2pwn is a French sole proprietorship (micro-entreprise) registered with the Cannes RCS, SIREN 981 834 856. A deliberately lean structure: every engagement, every line of code, every report goes through me.

Test your defences, continuously.

Discover EASM or talk to us directly about your pentest needs.