Continuous Vulnerability Scanning with Expert Validation
What’s Included
-
Continuous external vulnerability scanWe continuously scan your internet-facing assets to detect new and emerging threats and provide monthly reports - Executive summary for investors and stakeholdersBusiness-focused summary with clear risk explanations for clients, investors, or auditors
- No false positivesAll findings are manually verified by security experts to ensure relevance and accuracy
- CVSSv4 risk scoringIndustry-standard scoring system to assess business impact and prioritize fixes
- Step-by-step PoCsEvery exploitable vulnerability is documented with detailed, reproducible proof-of-concept steps
- Detailed recommendationsEach vulnerability includes clear, step-by-step remediation guidance for fast and effective fixes
How It Works
You provide a list of external assets
We scan them and manually validate all findings
You receive a report with prioritized findings, recommendations, and an executive summary every month
Example of Finding
SQL Injection in Check Availability Function
Business Impact
A security expert was able to extract full client names, order histories, and personal addresses of all platform users. The eShop items page features a “check availability” function that accepts a city name via a text input field. Due to improper input handling, this functionality is vulnerable to SQL injection.
Severity Score
🔴 9.3 Critical (CVSS 4.0)
Affected URL
https://testcorp.com/product/<id>/
Proof of Concept
1. Open the following webpage in a web browser:
https://testcorp.com/product/1215615383/
2. Click the "Check availability" drop-down.
3. Enter ' UNION SELECT name FROM users LIMIT 5-- into the "City" field and press Enter.
4. The list of shops contains other users' names.
A security expert was able to extract full client names, order histories, and personal addresses of all platform users. The eShop items page features a “check availability” function that accepts a city name via a text input field. Due to improper input handling, this functionality is vulnerable to SQL injection.
Severity Score
🔴 9.3 Critical (CVSS 4.0)
Affected URL
https://testcorp.com/product/<id>/
Proof of Concept
1. Open the following webpage in a web browser:
https://testcorp.com/product/1215615383/
2. Click the "Check availability" drop-down.
3. Enter ' UNION SELECT name FROM users LIMIT 5-- into the "City" field and press Enter.
4. The list of shops contains other users' names.
Remediation steps
1. Locate a function with a vulnerable SQL request construction like the one provided below:
String sql = "SELECT DISTINCT city FROM inventory "
+ "WHERE item_id = " + itemId
+ " AND city = '" + city + "';";
ResultSet rs = stmt.executeQuery(sql);
2. Replace the SQL request string construction with a prepared statement, as in the following example:
String sql = "SELECT DISTINCT city FROM inventory WHERE item_id = ? AND city = ?";
PreparedStatement ps = conn.prepareStatement(sql)
ps.setInt(1, itemId);
ps.setString(2, city);
ResultSet rs = ps.executeQuery();
For extra details, refer to the PostgreSQL prepared statements documentation:
https://www.postgresql.org/docs/current/sql-prepare.html
1. Locate a function with a vulnerable SQL request construction like the one provided below:
String sql = "SELECT DISTINCT city FROM inventory "
+ "WHERE item_id = " + itemId
+ " AND city = '" + city + "';";
ResultSet rs = stmt.executeQuery(sql);
2. Replace the SQL request string construction with a prepared statement, as in the following example:
String sql = "SELECT DISTINCT city FROM inventory WHERE item_id = ? AND city = ?";
PreparedStatement ps = conn.prepareStatement(sql)
ps.setInt(1, itemId);
ps.setString(2, city);
ResultSet rs = ps.executeQuery();
For extra details, refer to the PostgreSQL prepared statements documentation:
https://www.postgresql.org/docs/current/sql-prepare.html
Subscription Plan
Free Scan
- 1 asset automatic assessment till the first Medium finding
- Manual result verification
- Professional report
Free
Request free scan
Standard
- Up to 3 assets per month
- Manual results verification
- Professional report
- One round of vulnerability retest per month
$499 / month
Start subscription
Premium
- Up to 10 assets per month
- Manual results verification
- Professional report
- Zoom call with detailed results presentation
- Unlimited vulnerability retests
$1499 / month
Start subscription Our team has contributed to the security of
solutions used by
solutions used by
Start Your Free Trial
FAQ
During the initial consultation, we’ll identify your business-specific security risks based on your industry and threat landscape. We’ll also discuss your goals and requirements, and define a tailored testing scope that aligns with your needs.
Executive summary and detailed explanation of all findings prioritized by severity, including step-by-step Proof of Concept, CVSS scoring, and remediation guidance. You can request the report sample using the contact form.
Domain, IP address, or API root.
The free scan is typically completed within 3–4 business days. It includes vulnerability scanning and manual validation up to the first confirmed Medium or higher severity issue.
New vulnerabilities appear regularly in your infrastructure, applications, or due to updates and configuration changes. Continuous testing helps detect these risks early.
A retest is a focused follow-up assessment that verifies whether a previously identified vulnerability has been properly addressed. We simulate the original exploitation attempt along with a few additional variations to ensure the issue is no longer reproducible by an attacker.
