> For the complete documentation index, see [llms.txt](https://dualguard.gitbook.io/dualguard/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dualguard.gitbook.io/dualguard/dual-programs/full-stack-security.md).

# Full-Stack Security

***Full-Stack Security*** is a co-hosted program run by DualGuard and [Valkyri Security](https://www.valkyrisec.com/).

It gives protocol teams a full-stack security engagement across infrastructure, web2, and web3 components.

The program runs in two phases.

First, Valkyri Security performs a full-stack security review of the project.

Then, DualGuard runs a full-stack security review contest on the same broader system scope.

### What Full-Stack Security includes

Full-Stack Security combines two complementary review formats:

* **Valkyri Security review:** a direct, expert-led assessment of the project's full stack.
* **DualGuard contest:** a competitive full-stack review that brings more researchers and attack paths into scope.
* **Shared security coverage:** one program that spans infrastructure, backend, frontend, smart contracts, and integrations.

### Why this program exists

Modern protocols do not fail only at the smart contract layer.

Critical risk also lives in infrastructure, backend services, deployment flows, admin systems, and web applications.

This program is built for teams that want security coverage across the whole product surface.

Valkyri Security provides the first structured review pass.

DualGuard then expands coverage through a contest format with multiple independent attacker perspectives.

Used together, they help teams find both architectural weaknesses and implementation-level issues before launch or upgrade.

### How the program works

{% stepper %}
{% step %}

### Full-stack review with Valkyri Security

Valkyri Security reviews the project's layers under the agreed scope.

That scope can include:

* infrastructure and cloud setup
* web2 systems such as backend services and APIs
* web3 systems such as smart contracts and onchain integrations
  {% endstep %}

{% step %}

### Full-stack contest on DualGuard

After the initial review, DualGuard runs a contest on the broader system scope.

The contest adds more researcher coverage and more adversarial depth across the same stack.

Teams get validated findings, clearer prioritization, and stronger confidence before shipping.
{% endstep %}
{% endstepper %}

### When Full-Stack Security is a good fit

This program is a strong fit when:

* the project spans smart contracts, apps, backend services, and infrastructure
* the team wants one security program instead of separate siloed reviews
* the launch or upgrade carries material technical and financial risk

### What teams receive

Protocol teams should expect:

* a full-stack review from Valkyri Security
* a full-stack security contest on DualGuard
* a broader set of validated findings across the project's critical layers

### Learn more

For more on DualGuard contests, see [How Security Review Contests Work](/dualguard/security-reviews/security-reviews-for-protocol-teams/how-security-review-contests-work.md) and [Security Reviews for Protocol Teams](/dualguard/security-reviews/security-reviews-for-protocol-teams.md).

### Next step

If you want to explore ***Full-Stack Security***, start with a security review request and note that you want the co-hosted program with Valkyri Security.

Request a security review here: <https://staging.dualguard.xyz/for-protocols>
