Vulnerability scan.

A professional scanner on your web or API with every finding reviewed and triaged by hand. Detects common vulnerabilities without the false-positive noise.

Duration
1–2 days
Price
From €390 + VAT

Catch the obvious, without false positives.

OWASP Top 10 coverage

Injections, broken access control, insecure configuration, components with known CVEs, etc.

Manual triage of every finding

We discard noise and false positives before sending anything. Your report only contains verified findings.

Report prioritized by severity

CVSS + your application context. You know exactly what to fix first and why.

Short results meeting

30 minutes. We walk you through the findings, answer technical questions and clarify the remediation steps.

What this level does NOT cover

  • Chained exploitation of vulnerabilities
  • Business-logic flaws (those belong to the pentest)
  • Fine-grained access control between custom roles
  • Complex authentication or authorization bypasses

If you need all that, what you want is the full manual pentest.

  • Professional vulnerability scanner (OWASP Top 10)
  • Manual triage: we discard noise and false positives
  • Report prioritized by severity
  • Short results meeting
  • Periodic checkup of your application.
  • Before an important release.
  • When a client or audit asks you for evidence.
  • To validate the baseline before investing in a pentest.

What people usually ask about this service.

How is it different from the pentest?+
The scan detects common vulnerabilities with a professional scanner, and we validate every finding by hand so there are no false positives. But we don't exploit vulnerability chains or look for business-logic flaws. That's what the manual pentest is for.
Does it affect production?+
The goal is not to impact the service. We agree the testing window and intrusion level with you. Tests that could affect availability are done only with your explicit permission or in staging if you prefer.
How many URLs/endpoints does the price cover?+
We define the fixed price after a scoping call. For a typical website or a medium-sized API, a single scan unit covers everything. If your application is larger we tell you before starting — we never bill surprises.

Shall we start with the scan?

We reply within 24h with a scope proposal and start date.