Answers to common questions about our website audit and basic pentesting services.
No. This is a basic website audit and light pentesting review focused on common issues, misconfigurations, and public exposure. It is not a full enterprise penetration test.
Usually no. Most basic audits are performed from the outside, like a public visitor would see your website. Authenticated testing is available as part of the Audit + Basic Pentest package upon request.
The audit uses non-destructive methods. We do not attempt destructive exploitation, denial-of-service testing, or anything that could disrupt your website.
You receive a plain-English report with risk-ranked findings and a raw data package containing the actual scan outputs from the tools used.
Yes. The report is designed so your developer, IT provider, or hosting company can understand and act on the findings.
Yes. WordPress sites are a strong fit for this service. We check version exposure, plugin/theme risks, and common WordPress-specific issues.
No audit can guarantee that. The goal is to identify visible risks and give you practical next steps to improve your website's security posture.
We use professional-grade open-source tools such as Nuclei, nmap, SSLyze, testssl.sh, WPScan, WhatWeb, Katana, httpx, and others depending on your website platform and the package selected.
Basic audits are delivered in 2–3 business days. Audit + Basic Pentest in 3–5 business days. Multi-site audits in 5–10 business days.
The raw data contains technical scan results. We recommend storing it securely and only sharing it with your developer or IT provider. The data is point-in-time and should not be considered a guarantee of security.