That means, looking for security problems, doing some performance tests etc... checking the architecture and so on.
You´ll get the source code and I´ll install the application to a test server where you get full access.
Can you create security audit report?
One of my customers requested for one.
At the end of the report should look good (screenshots and explanations) ;) and it should mention some well known technical things like sql iniection and recommendations for improving the sourcecode etc..