Comprehensive Security Assessment
Acme Corporation
March 30, 2025
March 15-30, 2025
This report provides a comprehensive analysis of your organization's external attack surface, identifying potential security vulnerabilities and recommending mitigation strategies. The assessment covers DNS health, application security, network infrastructure, dark web exposure, and security misconfigurations.
CONFIDENTIAL: This report contains sensitive security information.
This report provides a comprehensive overview of your organization's attack surface based on a one-time scan. Each section focuses on a specific security domain with detailed findings and recommendations.
The Asset Discovery section provides an inventory of all discovered digital assets associated with your organization. The Overall Security Health section provides a high-level summary, while subsequent sections dive deeper into specific security domains.
Each security domain includes a "Parameters Checked" page that details the specific tests and checks performed during the scan, followed by a "Findings Summary" page that provides a detailed tabular view of all findings related to that domain. These summary tables can be configured to show different numbers of rows based on your needs.
Key findings and critical vulnerabilities are highlighted throughout the report, with actionable recommendations to improve your security posture.
This section provides an overview of all digital assets discovered during the scan that are associated with your organization. These assets form your external attack surface and represent potential entry points for attackers.
The scan identified 3 root domains and 4 subdomains. Of these, 5 are currently unreachable.
Discovered digital assets
Discovered domains
Discovered subdomains
SSL certificates
| Domain | Status | Registrar | Created | Expires |
|---|---|---|---|---|
| techbizventures.com | Reachable | GoDaddy.com, LLC | Oct 30, 2007 | Dec 19, 2025 |
| x-bizcore.com | Unreachable | Amazon Registrar, Inc. | Jun 27, 2023 | Jun 27, 2025 (Expiring Soon) |
| truecheck.ai | Reachable | N/A | N/A | N/A |
| Hostname | Issuer | Valid From | Valid Until | Subject Alt Names |
|---|---|---|---|---|
| truecheck.ai | Google Trust Services | 2025-01-24 | 2025-04-24 (Expiring Soon) | DNS:truecheck.ai, DNS:*.truecheck.ai |
| digidrive.ai | Google Trust Services | 2025-03-09 | 2025-06-07 (Expiring Soon) | DNS:digidrive.ai, DNS:*.digidrive.ai |
| xbizventures.com | Google Trust Services | 2025-02-03 | 2025-05-04 (Expiring Soon) | DNS:xbizventures.com, DNS:*.xbizventures.com |
This section provides details about your organization's network infrastructure, including IP addresses, open ports, DNS records, and geographic distribution. These components form the backbone of your digital presence and represent critical elements of your attack surface.
The scan identified 3 IP addresses, 12 open ports, and 3 DNS records across 1 country.
Discovered IP addresses
Discovered open ports
Discovered DNS records
| Hostname | Port | Protocol | Service | Risk Level |
|---|---|---|---|---|
| asm.x-bizcore.com | 80 | tcp | Cloudflare http proxy | Low |
| asm.x-bizcore.com | 443 | tcp | Cloudflare http proxy | Low |
| asm.x-bizcore.com | 8080 | tcp | Cloudflare http proxy | Medium |
| asm.x-bizcore.com | 8443 | tcp | Cloudflare http proxy | Low |
| truecheck.ai | 80 | tcp | Cloudflare http proxy | Low |
| truecheck.ai | 443 | tcp | Cloudflare http proxy | Low |
| truecheck.ai | 8080 | tcp | Cloudflare http proxy | Medium |
| truecheck.ai | 8443 | tcp | Cloudflare http proxy | Low |
| mail.techbizventures.com | 110 | tcp | Dovecot pop3d | Medium |
| mail.techbizventures.com | 143 | tcp | Dovecot imapd | Medium |
| mail.techbizventures.com | 993 | tcp | Dovecot imapd | Low |
| mail.techbizventures.com | 995 | tcp | Dovecot pop3d | Low |
| IP Address | Protocol | Status |
|---|---|---|
| 2606:4700:20::681a:aef | http | Unreachable |
| 2606:4700:20::681a:bef | http | Unreachable |
| 2606:4700:3030::6815:6001 | http | Unreachable |
| ASN | ISP | IP | Location | Hostnames |
|---|---|---|---|---|
| AS13335 | CloudFlare Inc. | 104.26.9.15 | US San Francisco California | digivision.ai, www.digivision.ai, digimagica.digivision.ai, masking.digivision.ai, piimasking.digivision.ai, digivision digimagica.digivision.ai, masking.digivision.ai, piimasking.digivision.ai, digivision.ai, lowcode.digivision.ai, uatdigimagica.digivision.ai, xbizocr.digivision.ai, demo.digivision.ai |
| AS13335 | CloudFlare Inc. | 172.67.72.16 | US San Francisco California | api.x-bizcore.com, asm.x-bizcore.com |
| AS13335 | CloudFlare Inc. | 104.21.32.1 | US San Francisco California | digidrive.ai, www.digidrive.ai, digidrive.ai, enquiry.digidrive.ai, help.digidrive.ai |
Your organization's overall security score is 72/100, which indicates a moderate security posture.
The assessment identified 3 critical and 12 high-severity issues that require immediate attention. Additionally, there are 24 medium and 41 low-severity issues that should be addressed according to your security roadmap.
Of the 187 assets scanned, 45 (24.1%) were found to have at least one security vulnerability that needs remediation.
Dark Web Monitoring shows the lowest score at 62/100, indicating this area requires the most immediate focus. Conversely, DNS Health demonstrates the strongest security controls with a score of 85/100.
The following sections provide detailed findings and recommendations for each security domain to help improve your overall security posture.
DNS (Domain Name System) is a critical component of your organization's internet presence and security posture. This section evaluates the health and security of your DNS infrastructure, including record configurations, security protocols, and potential vulnerabilities.
Your DNS health score is 85/100, which indicates a strong DNS security posture. The assessment identified 1 critical/high severity issue that requires attention.
For a detailed summary of all DNS findings, please refer to the DNS Findings Summary page.
DNSSEC is not implemented for 3 domains, leaving them vulnerable to DNS spoofing attacks.
Several DNS records point to decommissioned servers that are no longer maintained or patched.
SPF records use overly permissive settings that could allow email spoofing.
CAA records are not configured, allowing any Certificate Authority to issue certificates for your domains.
This section details the specific DNS parameters and configurations that were checked during the security assessment. The assessment evaluated DNS record configurations, security protocols, and potential vulnerabilities across your domains.
Domain Name System Security Extensions for authenticating DNS responses
Sender Policy Framework for email sender authentication
DomainKeys Identified Mail for email message authentication
Domain-based Message Authentication, Reporting & Conformance
Certificate Authority Authorization for restricting certificate issuance
Checks if zone transfers are restricted to authorized servers only
Checks if Time-To-Live values are appropriately configured
Checks if multiple nameservers are configured for redundancy
Checks for insecure wildcard DNS record configurations
Checks if DNS recursion is disabled on public nameservers
Checks for protections against DNS cache poisoning attacks
This table provides a detailed summary of all DNS health findings. Each row represents a specific finding with information about the affected asset, the parameter that was checked, the observed value, and the expected value.
The status column indicates whether the finding passed or failed the security check, and the severity column indicates the criticality of the issue.
| Asset Name | Parameter Checked | Value Seen | Value Expected | Status | Severity |
|---|---|---|---|---|---|
| acmecorp.com | DNSSEC | Not Implemented | Implemented | | High |
| acmecorp.com | SPF Record | v=spf1 +all | v=spf1 ip4:192.168.1.0/24 -all | | Medium |
| acme-inc.net | DMARC Record | p=none | p=reject | | Medium |
| acmeproducts.com | CAA Record | Not Present | Present | | Low |
| acmesolutions.io | NS Records | 4 Nameservers | At least 2 Nameservers | | Info |
| acmecloud.com | A Record TTL | 300 seconds | 3600 seconds or higher | | Low |
| acmedev.org | MX Record | Priority 10 mail.acmedev.org | Valid MX record | | Info |
| acmesupport.com | DKIM | Not Implemented | Implemented | | Medium |
| acmeportal.net | DNS Zone Transfer | Allowed | Restricted | | High |
| mail.acmecorp.com | PTR Record | Present and Valid | Present and Valid | | Info |
Application security focuses on the security of your web applications, APIs, and services exposed to the internet. This section evaluates vulnerabilities, security controls, and best practices implementation across your application portfolio.
Your application security score is 65/100, which indicates a moderate application security posture. The assessment identified 2 critical/high severity vulnerabilities that require immediate attention.
For a detailed summary of all application security findings, please refer to the Application Findings Summary page.
Several applications are using outdated TLS 1.0/1.1 protocols and weak cipher suites.
Multiple XSS vulnerabilities were identified in the customer portal application.
Session cookies are missing secure and httpOnly flags, making them vulnerable to theft.
Content Security Policy headers are not implemented, increasing the risk of XSS attacks.
This section details the specific application security parameters and configurations that were checked during the assessment. The assessment evaluated web applications, APIs, and services for vulnerabilities, security controls, and best practices implementation.
Checks for implementation of CSP headers to prevent XSS attacks
Checks for proper HTTPS implementation and redirection from HTTP
Checks for secure, httpOnly, and SameSite cookie attributes
Checks for X-Frame-Options header to prevent clickjacking
Checks for X-Content-Type-Options header to prevent MIME sniffing
Checks for Referrer-Policy header to control referrer information
Checks for proper API authentication mechanisms
Checks for implementation of rate limiting to prevent abuse
Checks for proper input validation to prevent injection attacks
Checks for secure Cross-Origin Resource Sharing configuration
Checks for proper API versioning implementation
This table provides a detailed summary of all application security findings. Each row represents a specific finding with information about the affected asset, the parameter that was checked, the observed value, and the expected value.
The status column indicates whether the finding passed or failed the security check, and the severity column indicates the criticality of the issue.
| Asset Name | Parameter Checked | Value Seen | Value Expected | Status | Severity |
|---|---|---|---|---|---|
| customer-portal.acmecorp.com | TLS Version | TLS 1.0 | TLS 1.2 or higher | | Critical |
| shop.acmecorp.com | XSS Protection | Vulnerable to XSS | Protected against XSS | | High |
| api.acmecorp.com | Cookie Security | Missing Secure & HttpOnly flags | Secure & HttpOnly flags set | | Medium |
| www.acmecorp.com | Content-Security-Policy | Not Implemented | Implemented | | Medium |
| support.acmecorp.com | HTTPS Redirection | Redirects HTTP to HTTPS | Redirects HTTP to HTTPS | | Info |
| blog.acmecorp.com | Clickjacking Protection | X-Frame-Options not implemented | X-Frame-Options implemented | | Medium |
| careers.acmecorp.com | Input Validation | Vulnerable to injection attacks | Proper input validation implemented | | High |
| dev.acmecorp.com | Error Handling | Verbose error messages exposed | Generic error messages | | Low |
| status.acmecorp.com | Rate Limiting | No rate limiting implemented | Rate limiting implemented | | Medium |
| cdn.acmecorp.com | CORS Configuration | Permissive CORS configuration | Restrictive CORS configuration | | Medium |
Network security focuses on the protection of your organization's network infrastructure, including firewalls, routers, and exposed services. This section evaluates the security of your network perimeter, exposed ports, and potential vulnerabilities.
Your network security score is 78/100, which indicates a moderate network security posture. The assessment identified 2 critical/high severity issues that require immediate attention.
For a detailed summary of all network security findings, please refer to the Network Findings Summary page.
| Port | Service | Instances | Risk Level |
|---|---|---|---|
| 80 | HTTP | 24 | Medium Risk |
| 443 | HTTPS | 32 | Low Risk |
| 22 | SSH | 8 | Medium Risk |
| 3389 | RDP | 3 | High Risk |
| 21 | FTP | 2 | High Risk |
| 25 | SMTP | 5 | Medium Risk |
Administrative interfaces for network devices are accessible from the internet without adequate protection.
Several firewalls are running outdated firmware with known vulnerabilities.
Insecure protocols (Telnet, FTP) are in use for internal communications.
Multiple non-essential ports are exposed to the internet, increasing the attack surface.
This section details the specific network security parameters and configurations that were checked during the assessment. The assessment evaluated network infrastructure, exposed services, and potential vulnerabilities across your network perimeter.
Scanning for open ports and services on network devices
Scanning for known vulnerabilities in network services
Collecting information about services and versions
Passive monitoring of network traffic for insecure communications
Testing firewall rule configurations and effectiveness
Checks if firewalls implement a default deny policy
Checks if outbound traffic is properly filtered
Checks if firewall rules are optimized and not redundant
Checks if firewalls implement stateful packet inspection
Checks if DMZ is properly configured and segmented
This table provides a detailed summary of all network security findings. Each row represents a specific finding with information about the affected asset, the parameter that was checked, the observed value, and the expected value.
The status column indicates whether the finding passed or failed the security check, and the severity column indicates the criticality of the issue.
| Asset Name | Parameter Checked | Value Seen | Value Expected | Status | Severity |
|---|---|---|---|---|---|
| 192.168.1.5 | Remote Management Interface | Exposed on port 3389 | Not exposed to internet | | Critical |
| 192.168.1.10 | Firewall Firmware | Version 2.3.4 (Outdated) | Version 3.1.2 or higher | | High |
| 192.168.1.15 | FTP Service | Running on port 21 | SFTP on port 22 or disabled | | Medium |
| 192.168.1.20 | Open Ports | 15 open ports | Minimal required ports | | Medium |
| 192.168.1.25 | SSH Configuration | SSH v2, Key-based auth | SSH v2, Key-based auth | | Info |
| 192.168.1.30 | Network Segmentation | Lack of network segmentation | Proper network segmentation | | Medium |
| 192.168.1.35 | Intrusion Detection System | IDS not implemented | IDS implemented | | Medium |
| 192.168.1.40 | Wireless Security | WEP encryption in use | WPA2 or WPA3 encryption | | High |
| 192.168.1.45 | VPN Configuration | Weak VPN configuration | Strong VPN configuration | | Medium |
| 192.168.1.50 | Network Monitoring | Insufficient network monitoring | Comprehensive network monitoring | | Medium |
Dark web monitoring involves scanning dark web forums, marketplaces, and data dumps for information related to your organization. This section evaluates the exposure of your organization's data on the dark web, including credentials, personal information, and other sensitive data.
Your dark web monitoring score is 62/100, which indicates a moderate level of exposure on the dark web. The assessment identified 3 critical/high severity exposures that require immediate attention.
For a detailed summary of all dark web monitoring findings, please refer to the Dark Web Findings Summary page.
Multiple employee email/password combinations were found in recent data breaches.
Several API keys for cloud services were found in public code repositories.
A subset of customer data was identified for sale on dark web marketplaces.
Internal technical documentation was found on paste sites.
This section details the specific dark web monitoring parameters and sources that were checked during the assessment. The assessment evaluated dark web forums, marketplaces, and data dumps for information related to your organization.
Monitoring for leaked usernames, passwords, and account information
Monitoring for company data in known data breaches
Monitoring for brand mentions and impersonation attempts
Monitoring for leaked proprietary source code
Monitoring for information related to company executives
Monitoring of dark web forums and discussion boards
Monitoring of dark web marketplaces where data is bought and sold
Monitoring of paste sites like Pastebin for leaked information
Monitoring of public code repositories for sensitive information
Monitoring of Telegram channels used by threat actors
Monitoring of IRC channels used by threat actors
This table provides a detailed summary of all dark web monitoring findings. Each row represents a specific finding with information about the affected asset, the parameter that was checked, the observed value, and the expected value.
The status column indicates whether the finding passed or failed the security check, and the severity column indicates the criticality of the issue.
| Asset Name | Parameter Checked | Value Seen | Value Expected | Status | Severity |
|---|---|---|---|---|---|
| Employee Credentials | Password Breach | 15 accounts compromised | No compromised accounts | | Critical |
| Cloud Services | API Keys | 3 exposed API keys | No exposed API keys | | High |
| Customer Database | Data Breach | Partial data exposed | No data exposed | | High |
| Internal Documentation | Document Leakage | Technical docs on paste sites | No leaked documents | | Medium |
| Source Code | Code Repository | No exposed code | No exposed code | | Info |
| Financial Data | Credit Card Numbers | 2 credit card numbers exposed | No credit card numbers exposed | | High |
| Customer PII | Personal Information | Customer addresses exposed | No customer addresses exposed | | High |
| Strategic Plans | Business Strategy | Leaked strategic plans | No leaked strategic plans | | Medium |
| Intellectual Property | Patent Information | Patent information exposed | No patent information exposed | | Medium |
| Employee Information | Employee Records | Employee SSNs exposed | No employee SSNs exposed | | Critical |
Security misconfigurations are one of the most common vulnerabilities in modern systems. This section evaluates configuration issues across your infrastructure, including cloud services, servers, applications, and network devices.
Your security configuration score is 70/100, which indicates a moderate configuration security posture. The assessment identified 3 critical/high severity misconfigurations that require immediate attention.
For a detailed summary of all security misconfiguration findings, please refer to the Misconfiguration Findings Summary page.
Size represents the frequency of the misconfiguration. Color indicates severity level.
Several systems are using default or easily guessable credentials.
Multiple cloud IAM roles have overly permissive access rights.
Several S3 buckets have public read or write access enabled.
Sensitive data is stored without encryption in several databases.
This section details the specific security misconfiguration parameters and configurations that were checked during the assessment. The assessment evaluated configuration issues across your infrastructure, including cloud services, servers, applications, and network devices.
Checks for secure configuration of cloud services and resources
Checks for secure configuration of web servers and applications
Checks for secure configuration of database servers and instances
Checks for secure configuration of network devices and firewalls
Checks for secure configuration of authentication systems and services
Center for Internet Security benchmarks for secure configuration
National Institute of Standards and Technology security controls
International Organization for Standardization security standard
Open Web Application Security Project Application Security Verification Standard
Cloud Security Alliance security guidance
This table provides a detailed summary of all security misconfiguration findings. Each row represents a specific finding with information about the affected asset, the parameter that was checked, the observed value, and the expected value.
The status column indicates whether the finding passed or failed the security check, and the severity column indicates the criticality of the issue.
| Asset Name | Parameter Checked | Value Seen | Value Expected | Status | Severity |
|---|---|---|---|---|---|
| admin.acmecorp.com | Default Credentials | Default admin/admin credentials | Strong unique credentials | | Critical |
| AWS IAM Roles | Permission Scope | Overly permissive roles | Least privilege principle | | High |
| acme-backups S3 Bucket | Public Access | Public read access enabled | No public access | | High |
| Customer Database | Data Encryption | Unencrypted data at rest | Encrypted data at rest | | Medium |
| Web Application Firewall | WAF Rules | OWASP Top 10 protection enabled | OWASP Top 10 protection enabled | | Info |
| Database Server | Default Port | Using default port 3306 | Using non-default port | | Medium |
| Cloud Storage | Version Control | Version control disabled | Version control enabled | | Medium |
| Web Server | Directory Listing | Directory listing enabled | Directory listing disabled | | Medium |
| Network Device | SNMP Configuration | Default SNMP community string | Strong SNMP community string | | Medium |
| Authentication System | Password Policy | Weak password policy | Strong password policy | | Medium |