Penetration Testing Services

Domain & DNS Health

Registration, name servers, SPF/DKIM/DMARC email security, and certificate authority lock-in.

Network Exposure

Open ports, exposed services, and banner leaks that reveal version and configuration details to attackers.

TLS & Encryption

Certificate validity, weak protocols, cipher suite weaknesses, and HSTS posture across all endpoints.

Security Headers

HSTS, CSP, frame-options, content-type-options, and the full set of HTTP response security headers.

Web Application Weaknesses

Exposed admin paths, source-control leaks, debug pages, open redirects, and host-header injection vulnerabilities.

JavaScript Secrets

Hardcoded API keys, cloud credentials, and internal URLs accidentally shipped in your front-end bundle. We also scan historical snapshots.

CMS-Specific Issues

Known-vulnerable plugins and outdated cores for WordPress, Drupal, Joomla, and Magento installations.

API Exposure

Swagger and GraphQL endpoints left in production, introspection enabled, and unauthenticated API surface.

Cloud Storage

Accidentally-public S3, GCS, and Azure buckets tied to your brand — a common source of data breaches.

Subdomain Takeover Risk

Dangling DNS records pointing at unclaimed services — a vector attackers use to impersonate your brand.

CORS & JWT Auth Flaws

Wildcard CORS origins, dangerous JWT algorithm choices, and auth configuration errors.

Known CVEs

Automatically correlated against the software versions we detect, cross-referenced against the latest vulnerability databases.

CORS Misconfiguration

Active and Deep — detects arbitrary origin reflection, null origin bypass, and credential leakage via CORS headers.

CRLF Injection

Active and Deep — tests header injection via URL path and query string parameters.

Cache Poisoning

Active and Deep — detects unkeyed header reflection confirmed by cache HIT on second request.

WAF Detection

Active and Deep — fingerprints Cloudflare, Sucuri, F5, Imperva, Akamai, or unknown WAF via attack pattern probes.

Rate Limiting

Active and Deep — tests login and API endpoints for missing rate limit enforcement.

SSRF Probe

Active and Deep — injects cloud IMDS URLs (AWS, GCP, Azure) and loopback addresses into URL-like parameters and headers to detect server-side request forgery.

HTML & Content Injection

Active and Deep — tests URL parameters and body values for reflected HTML injection, attribute injection, CSS injection, and JavaScript context injection.

TLS Deep Analysis

Deep only — full cipher suite analysis: SSLv2/DROWN, SSLv3/POODLE, BEAST, SWEET32 (3DES), FREAK/EXPORT, LOGJAM (DHE-EXPORT), NULL cipher support, and absence of Perfect Forward Secrecy.

SQL Injection

Active and Deep — error-based, boolean-blind, and time-based blind SQLi probes across URL parameters, form fields, headers, and JSON body values.

Cross-Site Scripting (XSS)

Active and Deep — reflected XSS testing across script tag, attribute break, JavaScript context, and DOM sink injection vectors.

Template Injection (SSTI)

Active and Deep — server-side template injection probes for Jinja2, Twig, Freemarker, ERB, and Pug template engines.

Local File Inclusion (LFI)

Active and Deep — path traversal and LFI probes via URL parameters and headers; detects reading of /etc/passwd, web server configs, and application source files.

XML External Entity (XXE)

Active and Deep — XXE injection in XML-accepting endpoints, testing for file retrieval, SSRF-via-DTD, and out-of-band exfiltration.

File Upload Abuse

Active and Deep — tests upload endpoints for script extension bypass, double-extension upload, and MIME-type bypass; confirms retrieval to verify RCE risk with no false positives on SPA catch-all routes.

HTTP Request Smuggling

Active and Deep — CL.TE, TE.CL, and TE.TE desync probes. Baseline-diffed against canary requests to confirm desync and minimize false positives.

Default Credentials

Deep only — tests detected admin panels (Jenkins, phpMyAdmin, Grafana, Adminer, Kibana, Tomcat Manager, Airflow, Traefik, RabbitMQ) for default or weak credential acceptance.

Session Management

Deep only — analyzes cookie entropy, Secure/HttpOnly/SameSite flag presence, session token predictability, and fixation risk.

OAuth Misconfiguration

Deep only — tests OAuth flows for missing state parameter (CSRF), open redirect_uri, and insufficient redirect-URI validation.

Insecure Direct Object References (IDOR)

Deep only — IDOR enumeration on API endpoints using sequential ID manipulation, UUID guessing, and horizontal privilege escalation probes.

GraphQL Deep Analysis

Deep only — introspection abuse, batch query amplification, query-depth and complexity exploitation, and field-level authorization probes.

WebSocket Security

Deep only — Origin header validation, cross-site WebSocket hijacking (CSWSH), and message injection probes on detected WebSocket endpoints.

Dependency Confusion

Deep only — detects exposed package manifest files and internal package names that could be squatted in public registries for supply-chain compromise.

Prototype Pollution

Deep only — client-side prototype pollution probes via query parameters and JSON body values, testing for gadget-chaining to DOM-based XSS.