Cybersecurity Audit · Free Initial Review

A free, non-intrusive look at how your online systems are exposed.

Get a free, non-intrusive external cybersecurity audit of your website and online systems. Calm validation, evidence-led, no strings. Prioritised findings, what's already working, and what was NOT observed.

€0 cost 0–48h turnaround Zero disruption EU/IE data jurisdiction

Request your free report →

What we cover (8 areas)

DNS & Domain Posture

DNSSEC, CAA records, mail authentication (SPF, DKIM, DMARC enforcement), wildcard exposure.

Edge & TLS

HTTPS configuration, TLS versions, HSTS depth, certificate transparency, origin-server leak risk.

Security Headers

CSP, X-Frame-Options / frame-ancestors, Referrer-Policy, deprecated headers (Expect-CT, X-XSS-Protection).

Authentication Endpoints

Public exposure of login portals, B2B subdomains, redirect chains, mixed-protocol traps.

API Surface

Public-info endpoints, CORS policy strictness, GraphQL introspection, rate-limit signals.

Cookies & Sessions

Secure / SameSite / HttpOnly attributes, session ID exposure, third-party cookie usage.

Email Spoofability

Whether attackers can credibly send mail as your domain — DMARC enforcement, p=reject, alignment.

Information Leakage

Hostnames, internal infrastructure references, template placeholders, version disclosure, error verbosity.

What this review IS

External, public-surface review only.
Read-only HTTP and DNS.
Evidence captured in your report (headers, redirect chains, DNS records).
Findings prioritised: validate first vs. best-practice hardening.
Confirmation of the strengths already in place.

What this review is NOT

No login attempts or password testing.
No fuzzing, scanning of admin paths, or input injection.
No exploitation of any finding.
No access to private data, customer records or internal systems.
Nothing that could disrupt service for real users.

What you receive

PDF deliverable, typically 8–14 pages depending on what we find. Branded for your organisation. Marked Confidential — for the named recipient only.

Executive summary

A two-paragraph plain-English summary your CEO and your engineer will both understand.

Scope & methodology

Exactly what we looked at, exactly what we didn't.

Priority items to validate

The 2–6 things that most warrant a closer look — each with the evidence and a recommendation.

What's already working

The controls and configurations doing their job today. Useful for board reporting and renewals.

Lower-priority hardening

Best-practice tweaks. Worth doing, not urgent.

What was NOT observed

Explicit confirmation of the risks we did not find — exposed credentials, breach signals, exploitable issues.

What this means for your organisation

0–48 hours turnaround. Most reports go back within 48 working hours.
2–6 priority items, on average. Enough to action quickly. Few enough that nothing falls through the cracks.
100% service uptime during the review. Nothing we do touches your live transactions, sessions, or admin surfaces.
EU / IE data jurisdiction. The report and any temporary working copies stay within EU storage. Findings are never shared without written instruction.

Optional next step — paid deep-dive audit

CVSS v3.1 scoring, CWE mapping, confirmed vs. requires-validation flags, and a 0–30 / 30–90 / 90–180 day remediation roadmap. Authenticated review of admin and B2B surfaces — under written authorisation, on your schedule, without disrupting service. Fixed price, scoped before we start, retainers available for quarterly reassessments.

Request the free report

Email [email protected] with the domain you want reviewed, or use the form on the live page.

← Back to Intellix snapshot · sitemap

Generated 2026-05-16 13:16 UTC