SecScan Vulnerability Assessment
Automated assessment to find weaknesses before launch
SecScan Vulnerability Assessment
Features
Automated scanning
Covers injection, auth flaws and misconfiguration risks.
Risk-ranked reports
Ranked by severity with reproduction steps and remediation advice.
Scoped authorization
Runs only within written authorization under responsible disclosure.
What a report looks like
Below is a sample scan report against our own test target, showing the rigor of what we deliver: scope, method, graded findings, reproduction steps, and remediation.
Sample report against a self-built test target — not a real customer. SecScan is in development with a waitlist, and runs only within written authorization.
- Target
- demo.testbed.local
- Scope
- Single web app · 42 routes
- Method
- Automated scan + manual verification
- HIGHMissing Content-Security-Policy header
resp: no content-security-policy
Repro Response headers ship no CSP, leaving injected scripts unbounded.
Fix Set a strict CSP that limits script-src and external origins.
- MEDIUMSession cookie without Secure flag
set-cookie: sid=… (no Secure)
Repro set-cookie omits Secure, so the cookie may leak over plaintext.
Fix Add Secure and HttpOnly attributes to the session cookie.
- LOWServer banner discloses version
server: nginx/1.18.0
Repro The Server header reveals the nginx version, easing known-CVE matching.
Fix Remove or mask the server version banner.
Use Cases
SecScan fits a pre-launch security check or when a client or auditor requires an assessment report. Testing runs only after written authorization from the system owner.
This product is in development; contact us about timeline and trial arrangements.
FAQ
- Is authorization required?
- Yes. Written authorization and confirmed scope from the system owner are required; we do not test without it.