I work as a junior web penetration tester. VAPT is my field. I do use automatic tools but the manual penetration is the most important part.
I usually do black box testing and some grey box testing but code review sounds great to me as well
At the end of security audit i will present the report to you/your company and we can even set up a call if you want. The structure of the report will be discussed in private so i can better understand what are you interested in(vulnerability location, proof of concept, methods to fix it, impact, CVSS etc).
I can give you a "good practice tutorial" and basic attacks or what are you interested on.
Thank you and for more details feel free to contact me if you want to see how the report will look or other things.