External exposure report.

We send you within 48 business hours a short report on your site's visible security configuration. Passive, non-intrusive analysis: we don't look for exploitable vulnerabilities or touch your systems.

What we review

  • SSL/TLS certificate and configuration
  • HTTP security headers
  • CSP policy and SRI integrity
  • JavaScript libraries with known vulnerabilities

Important: this report does not look for exploitable vulnerabilities. For that you need the vulnerability scan or the manual pentest.

Controller: Secutesting · Purpose: send you the requested report · Rights: contacto@secu-testing.com

What people usually ask about this service.

Is it really free? Where's the catch?+
It's free and there's no hidden catch: it's a passive, highly automated review, so it costs us little to produce. We do it because it's the best way to show you how we work before you pay us anything. If afterwards you want a scan or a pentest, great; if not, you keep the report anyway.
Do you touch my system?+
No. It's a 100% passive analysis from the outside. We don't send exploitation traffic or try to access anything. We only look at what anyone with a browser could see.
Do you detect exploitable vulnerabilities?+
No. This report does NOT look for exploitable vulnerabilities: it only reviews visible security configuration. To detect real vulnerabilities you need the scan (level 2) or the pentest (level 3).

Ready for the next step?

The free report is a first look. If you want to detect real vulnerabilities, the scan or the pentest are what you want.