How it works
Three steps, and most of them happen without you having to think about them.
- 1. Add and verify your sites
1. Tell us your sites.
One quick verification — a DNS record or a file upload — and we know we’re authorised to scan you. Takes a couple of minutes.
- 2. Continuous scanning
2. We check your sites on a schedule.
The same checks security professionals run, automated and updated daily. Your plan decides how often we run them — you don’t have to remember.
- 3. Health score + plain English
3. You see one health score, with plain-English findings.
A single number that goes up or down, with a list of findings underneath. Fix what we tell you, hand it to your developer, or pass it to our consultancy team.
What we check on your sites
The same checks security professionals run, on a schedule, with results in plain English.
- Open ports and exposed services
Anything reachable from the open internet that should not be — databases, admin panels, remote-access ports.
- Known security flaws
Thousands of publicly catalogued security flaws checked against your stack, continually updated from public security databases.
- Web-application vulnerabilities
Active checks for the flaws that only show up by interacting with your site — injection, broken sign-in, mixed content, missing security headers.
- SSL/TLS encryption quality
Expiring certificates, weak encryption ciphers, and outdated protocols that cause browser warnings.
- Forgotten subdomains
The dev, staging, and old marketing sites you forgot about — often running older, unpatched software.
- Mobile and desktop performance
Page-load speed, accessibility, and search-engine basics, scored separately for mobile and desktop visitors.
How often we scan, by plan
| Plan | Scan cadence |
|---|---|
| Free | Weekly scheduled scans |
| Starter | Daily + on-demand scans |
| Pro | Hourly scheduled scans |
| Enterprise | Continuous and on-demand |
All plans include on-demand scans on top of the schedule. Hit “Scan now” whenever you push a change.