For small & growing businesses
Scheduled scans, DNS/TLS checks, and forgotten-subdomain discovery - the basics enterprise scanners charge thousands a year for, built into Starter from £29/month.
Security Score
Good - minor issues
my-startup.io
just now
TLS certificate expires in 4 days
issuer: Let's Encrypt · no auto-renewal detected
SPF record missing - spoofing risk
No SPF TXT record found on root domain
Forgotten staging subdomain still live
staging.my-startup.io · exposed admin login
AI Summary
Overall posture is solid. One certificate needs renewing this week, and a staging subdomain with an exposed admin login should be taken down or locked behind auth.
Features for small & growing businesses
Scanning
HTTP/TLS, HTML, network traffic, JavaScript CVEs, tag managers, third-party supply chain, platform misconfigurations, server/CMS software CVE checks, and AI synthesis all run on every scan.
Platform Security
Detects the most common security failures in apps built with Lovable, Supabase, Base44, Bubble, and similar AI app builders - publicly readable databases, exposed service_role keys, and known platform CVEs.
Scanning
Web server software disclosed in response headers (Apache, nginx, IIS, PHP, and more) is matched against the National Vulnerability Database, with the exact version and CVE ID shown for anything found.
Scanning
Detects the CMS or e-commerce platform a site runs on - WordPress, Joomla, Drupal, Magento, Shopify, Wix, Squarespace, Webflow, and more - and checks any self-hosted, version-disclosed platform against the National Vulnerability Database.
DNS & Subdomains
SPF, DMARC, DNSSEC, CAA, mail and nameserver records - every check shown, even when clean, so you can see exactly what was verified.
DNS & Subdomains
Certificate issuer, expiry, protocol version, cipher suite, and key strength - flagging weak or expiring certificates before they become an outage or a warning page.
DNS & Subdomains
Finds forgotten staging, dev, and admin subdomains via wordlist enumeration, with a quick reachability check on each - and a one-click button to run a full scan on any of them.
AI Investigation
An AI agent crawls your entire site - or a defined scope - running all 8 layers on every page it decides is worth investigating.
AI Investigation
AI-written remediation steps specific to each finding - not generic advice. Tells your developer exactly what to change and why.
Reports
Timestamped, formatted PDF with your scan details, findings, and an attestation block. Accepted by auditors for SOC2 and ISO 27001 evidence.
Automation
Set a weekly, monthly, or quarterly cadence and scans run automatically. Never miss a security check-in for SOC2 or ISO 27001 again.
Automation
Get notified when a scheduled scan completes or when a new critical or high severity finding is detected - before your next scheduled check.
Pricing
Full-site scans, DNS/TLS analysis, and scheduled monitoring - at a fraction of what enterprise scanners charge.