Who This Is For
- CTO/CISO: Governance, risk, and compliance posture
- Security Managers: Safe operating controls, validation, and reporting
- Developers: Clear fix instructions and fast retest flow
Our Commitments
- Safety-by-default in all operations
- Rigor through AI validation and human-overridable workflows
- Retest included to confirm fixes
- Compliance-ready reporting mapped to common frameworks
- Minimal data collection and privacy-first telemetry
AI Safety and Operational Guardrails
SQUR provides autonomous pentesting with stringent safety controls:
- Scoped testing only: We respect the defined scope and the agreed rules of engagement.
- Controlled execution: Rate limits, environment isolation, and escalation thresholds.
- Legal and ethical constraints: Protections against touching out-of-scope assets, avoidance of denial-of-service conditions, and safe handling of test payloads.
- Full transparency: Viewable action history and reasoning for findings.
- Continuous monitoring: Real-time safety checks throughout testing.
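The three operational controls in this list (scope enforcement, a per-target rate limit, and an escalation threshold that halts testing when the target looks unhealthy) are concrete enough to show in code. The following is an added illustration written for this page, not SQUR's own implementation; the scope rules, hostnames, CIDRs, rates and thresholds in it are invented placeholders.

```python
"""Illustrative pentest guardrails: scope check, token-bucket rate limit,
and an escalation guard. Added example, not SQUR code; all targets and
limits below are placeholders."""
import ipaddress
import time
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Scope:
    """Rules of engagement as data. Host patterns are exact
    ("app.example.com") or wildcard ("*.example.com", which also matches
    the bare base name); CIDRs are given as strings and parsed once."""
    allowed_hosts: set = field(default_factory=set)
    allowed_cidrs: list = field(default_factory=list)
    excluded_hosts: set = field(default_factory=set)
    excluded_path_prefixes: tuple = ()

    def __post_init__(self):
        self.allowed_cidrs = [ipaddress.ip_network(c, strict=False)
                              for c in self.allowed_cidrs]


def _matches(host, patterns):
    for pat in patterns:
        if pat.startswith("*."):
            base = pat[2:]
            if host == base or host.endswith("." + base):
                return True
        elif host == pat:
            return True
    return False


def in_scope(scope, url):
    """Return (allowed, reason). Exclusions are checked first, so an
    excluded host under an in-scope wildcard is still refused."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return False, "no host in URL"
    if _matches(host, scope.excluded_hosts):
        return False, f"{host} is explicitly excluded"
    if any(parts.path.startswith(p) for p in scope.excluded_path_prefixes):
        return False, f"path {parts.path} is excluded"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:  # literal IP targets are judged by CIDR, not hostname
        if any(ip in net for net in scope.allowed_cidrs):
            return True, f"{ip} is inside an allowed CIDR"
        return False, f"{ip} is outside all allowed CIDRs"
    if _matches(host, scope.allowed_hosts):
        return True, f"{host} matches an allowed host pattern"
    return False, f"{host} is not in scope"


class TokenBucket:
    """Per-target request budget: `rate` tokens per second, at most
    `burst` banked. `clock` is injectable so the limiter is testable."""
    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens = float(burst)
        self.last = clock()

    def try_acquire(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class EscalationGuard:
    """Halt the run after `max_errors` consecutive 5xx responses or
    timeouts (status None): a target that starts failing should not keep
    receiving traffic. Once halted, stays halted until a human resets it."""
    def __init__(self, max_errors):
        self.max_errors = max_errors
        self.consecutive = 0
        self.halted = False

    def record(self, status):
        if status is None or status >= 500:
            self.consecutive += 1
            if self.consecutive >= self.max_errors:
                self.halted = True
        else:
            self.consecutive = 0
        return not self.halted


def should_send(scope, bucket, guard, url):
    """Single decision point a request path would call before each send."""
    ok, why = in_scope(scope, url)
    if not ok:
        return False, why
    if guard.halted:
        return False, "halted after repeated server errors"
    if not bucket.try_acquire():
        return False, "rate limit: no token available"
    return True, "ok"
```

Ordering matters: the scope check runs before the rate limiter so that an out-of-scope request never consumes budget, and the escalation guard is a latch rather than a counter that drains, so a target that recovers briefly does not quietly resume testing without a human decision.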
Validation and Retest
We reduce false positives and ensure accuracy:
- AI validation reduces false positives before findings reach you.
- Each finding includes reproduction steps and remediation guidance.
- Retest is included to verify that fixes are effective and stable over time.
Compliance-Ready Reporting
SQUR reports are structured to support your compliance efforts:
- Reports mapped to ISO 27001 and SOC 2 control evidence requirements.
- Coverage includes web app and API testing.
- Single-click export for auditors.
Note: We do not claim certification ourselves; we provide mapped evidence to accelerate your compliance journey.
Data Handling and Privacy
We minimize data collection and protect what we store:
- We collect only data needed for testing, reporting, and retest.
- Data residency: Stored in EU cloud regions with encryption at rest and in transit.
- Privacy-friendly analytics: No invasive tracking or personally identifiable information (PII) sharing.
- Short retention: Aligned to retest needs and legal requirements.
Platform Security
Our platform is built with security-by-default:
- Encryption: TLS in transit; data at rest encrypted with keys held in a managed KMS.
- Access control: Role-based access with least privilege and audited access paths.
- Secure SDLC: Dependency scanning and vulnerability management for the platform itself.
- Defense in depth: Hardened runtime, network-level protections, and strict content security policies.
Responsible Disclosure and Security Contact
Service Levels and Reliability
- Typical pentest completion: Within 24 hours for scoped targets.
- Support: Best-effort support during testing windows.
- Enterprise SLAs: Available on request for custom agreements.
Independent Assurance Roadmap
Third-party assessments and external audits are planned. We'll publish summaries and letters of attestation here when available.
Frequently Asked Questions
What's included in a pentest?
Live autonomous pentest (web + API), actionable findings, compliance-ready reports, and a retest to confirm fixes.
Is this safe for production?
Yes—strict scope controls, rate limits, and non-destructive techniques. For high-risk targets, we coordinate windows and added safeguards.
Does this replace manual pentesting?
It complements it, increasing coverage and speed. Human-led tests remain valuable for bespoke business logic and social-engineering vectors.
How do you reduce false positives?
AI validation with evidence requirements and deterministic checks before a finding is reported.
How is data protected?
Encryption at rest and in transit, least-privilege access, minimized collection, and short retention aligned to retest needs.
Where is data stored?
Data is stored in EU (europe-west1) cloud regions with managed encryption and strict access controls.