Security Methodology

Our Security Testing
Methodology

Enterprise-grade methodology. Transparent scope. Every test category, standard, and tool documented so your procurement and security teams can evaluate with confidence.

Methodology coverage

What we test, what standards we follow, and what checks are included in every engagement.

Category	Tests Included	Standard
Web Application	OWASP Top 10, SQLi, XSS, CSRF, IDOR, file upload, auth bypass	OWASP WSTG v4.2
API Security	BOLA, broken auth, mass assignment, injection, rate limiting	OWASP API Security Top 10
SSL/TLS	Protocol version, cipher suites, cert validity, HSTS, CAA	Mozilla TLS Guidelines
Security Headers	CSP, X-Frame-Options, X-Content-Type, HSTS, Referrer-Policy	OWASP Secure Headers
Subdomain Enumeration	DNS brute-force, certificate transparency, zone transfer	Public DNS Data Only
Cloud Configuration	S3 ACLs, IAM policies, public buckets, security groups	CIS Benchmarks

Web Application

OWASP WSTG v4.2

OWASP Top 10, SQLi, XSS, CSRF, IDOR, file upload, auth bypass

API Security

OWASP API Security Top 10

BOLA, broken auth, mass assignment, injection, rate limiting

SSL/TLS

Mozilla TLS Guidelines

Protocol version, cipher suites, cert validity, HSTS, CAA

Security Headers

OWASP Secure Headers

CSP, X-Frame-Options, X-Content-Type, HSTS, Referrer-Policy

Subdomain Enumeration

Public DNS Data Only

DNS brute-force, certificate transparency, zone transfer

Cloud Configuration

CIS Benchmarks

S3 ACLs, IAM policies, public buckets, security groups

What we don't test

Explicit scope boundaries. No surprises for your team or your vendors.

No social engineering or phishing simulation

We do not send phishing emails, make pretexting calls, or attempt any form of social engineering against your employees. Available as a separate engagement on request.

No physical security testing

We do not test physical access controls, tailgating, badge cloning, or on-site infrastructure.

No denial-of-service testing

We do not perform DDoS, volumetric attacks, or any test designed to degrade or disrupt service availability.

No testing of third-party services outside your domain

We only test assets you own and authorize. Third-party SaaS, CDNs, or payment gateways are out of scope unless explicitly included.

No credential stuffing against your users

We do not attempt credential stuffing, password spraying, or brute-force attacks against your production user accounts.

Tool stack

Industry-standard open-source tools orchestrated by AI. Every scan runs in an isolated Firecracker microVM.

Nuclei

v3.x

Template-based vulnerability scanning. 9,000+ community and custom templates covering CVEs, misconfigurations, and exposed panels.

Nmap

v7.x

Port scanning, service fingerprinting, banner grabbing, and OS detection across TCP/UDP.

SSLyze

v6.x

TLS/SSL configuration analysis. Protocol enumeration, cipher suite auditing, certificate chain validation, HSTS and CAA checks.

ZAP

v2.x

DAST proxy for web application testing. Active scanning, authentication testing, and session management analysis.

Claude AI

Anthropic

Finding validation, false-positive elimination, CVSS scoring with environmental context, business-impact translation, and remediation generation.

Tool versions updated as of March 2026. All tools run latest stable releases at time of scan.

See it on your own domain

Run a free scan using this exact methodology. Summary report in 45 minutes. No credit card required.

Book Your Free Scan

Loading…

Methodology coverage

What we test, what standards we follow, and what checks are included in every engagement.

Category	Tests Included	Standard
Web Application	OWASP Top 10, SQLi, XSS, CSRF, IDOR, file upload, auth bypass	OWASP WSTG v4.2
API Security	BOLA, broken auth, mass assignment, injection, rate limiting	OWASP API Security Top 10
SSL/TLS	Protocol version, cipher suites, cert validity, HSTS, CAA	Mozilla TLS Guidelines
Security Headers	CSP, X-Frame-Options, X-Content-Type, HSTS, Referrer-Policy	OWASP Secure Headers
Subdomain Enumeration	DNS brute-force, certificate transparency, zone transfer	Public DNS Data Only
Cloud Configuration	S3 ACLs, IAM policies, public buckets, security groups	CIS Benchmarks

Web Application

OWASP WSTG v4.2

OWASP Top 10, SQLi, XSS, CSRF, IDOR, file upload, auth bypass

API Security

OWASP API Security Top 10

BOLA, broken auth, mass assignment, injection, rate limiting

SSL/TLS

Mozilla TLS Guidelines

Protocol version, cipher suites, cert validity, HSTS, CAA

Security Headers

OWASP Secure Headers

CSP, X-Frame-Options, X-Content-Type, HSTS, Referrer-Policy

Subdomain Enumeration

Public DNS Data Only

DNS brute-force, certificate transparency, zone transfer

Cloud Configuration

CIS Benchmarks

S3 ACLs, IAM policies, public buckets, security groups

What we don't test

Explicit scope boundaries. No surprises for your team or your vendors.

No social engineering or phishing simulation

We do not send phishing emails, make pretexting calls, or attempt any form of social engineering against your employees. Available as a separate engagement on request.

No physical security testing

We do not test physical access controls, tailgating, badge cloning, or on-site infrastructure.

No denial-of-service testing

We do not perform DDoS, volumetric attacks, or any test designed to degrade or disrupt service availability.

No testing of third-party services outside your domain

We only test assets you own and authorize. Third-party SaaS, CDNs, or payment gateways are out of scope unless explicitly included.

No credential stuffing against your users

We do not attempt credential stuffing, password spraying, or brute-force attacks against your production user accounts.

Tool stack

Industry-standard open-source tools orchestrated by AI. Every scan runs in an isolated Firecracker microVM.

Nuclei

v3.x

Template-based vulnerability scanning. 9,000+ community and custom templates covering CVEs, misconfigurations, and exposed panels.

Nmap

v7.x

Port scanning, service fingerprinting, banner grabbing, and OS detection across TCP/UDP.

SSLyze

v6.x

TLS/SSL configuration analysis. Protocol enumeration, cipher suite auditing, certificate chain validation, HSTS and CAA checks.

ZAP

v2.x

DAST proxy for web application testing. Active scanning, authentication testing, and session management analysis.

Claude AI

Anthropic

Finding validation, false-positive elimination, CVSS scoring with environmental context, business-impact translation, and remediation generation.

Tool versions updated as of March 2026. All tools run latest stable releases at time of scan.

Our Security Testing Methodology

Methodology coverage

Web Application

API Security

SSL/TLS

Security Headers

Subdomain Enumeration

Cloud Configuration

What we don't test

No social engineering or phishing simulation

No physical security testing

No denial-of-service testing

No testing of third-party services outside your domain

No credential stuffing against your users

Tool stack

Nuclei

Nmap

SSLyze

ZAP

Claude AI

See it on your own domain

Our Security Testing Methodology

Methodology coverage

Web Application

API Security

SSL/TLS

Security Headers

Subdomain Enumeration

Cloud Configuration

What we don't test

No social engineering or phishing simulation

No physical security testing

No denial-of-service testing

No testing of third-party services outside your domain

No credential stuffing against your users

Tool stack

Nuclei

Nmap

SSLyze

ZAP

Claude AI

See it on your own domain

Our Security Testing
Methodology

Our Security Testing
Methodology