What We Test

What we DO

  • Scan publicly accessible URLs and endpoints
  • Test for common vulnerabilities (authentication, injection, SSRF, etc.)
  • Attempt proof-of-concept validation (non-destructive)
  • Provide fix guidance for issues found

What we DON'T do

  • Access anything behind authentication
  • Perform denial-of-service attacks
  • Brute force credentials
  • Exfiltrate or store your application's data
  • Social engineering
  • Test infrastructure (servers, DNS, etc.)

Our scans are non-destructive and designed to identify vulnerabilities without causing harm to your application or its users.