xysec
External Security Assessment

See What Attackers See First

> A lightweight, non-intrusive external security assessment that maps everything your company exposes to the internet, highlights risky configurations, and provides a prioritised remediation plan.

Intelligence Briefing

Why Attack Surface Scanning?

Your attack surface is expanding constantly—cloud infrastructure, SaaS applications, remote services, shadow IT, and forgotten assets. Every exposed endpoint is a potential entry point for attackers. Our Attack Surface Scan surfaces the exposures that most often bite organisations: unknown or orphaned assets; exposed services and risky defaults such as open connections, admin panels, directory listing, and debug endpoints; and misconfigurations. We also flag leaked secrets and credentials found in public code or pastes tied to your brand, outdated or vulnerable software identified via fingerprints and weak protocols, and third-party exposure such as typosquats and dangling records attributable to you. To make action straightforward, you get a unified asset inventory spanning domains, subdomains, IPs, ports/services, and tech stacks; a prioritised risk register with CVSS-aligned severity and clear business impact; and evidence-rich findings.

1000+ Assets Mapped
50+ Risk Types
24h Initial Scan

01 Unified Asset Inventory

Complete visibility spanning domains, subdomains, IPs, ports/services, and tech stacks—all in one place

02 Prioritised Risk Register

CVSS-aligned severity ratings with clear business impact, so you know what to fix first

03 Quick-Win Roadmap

Focus teams on cutting top risks in days, not weeks, with trend tracking across repeat scans showing hygiene improvements

Detection Matrix

What We Find

The exposures that most often lead to breaches.

01 Unknown & Orphaned Assets

Servers, cloud resources, and domains your organisation forgot about or didn't know existed

  • Abandoned subdomains and forgotten DNS records
  • Orphaned cloud resources from decommissioned projects
  • Rogue servers spun up without security review
  • Shadow IT infrastructure outside official inventory

02 Exposed Services & Risky Defaults

Services left open to the internet with default or insecure configurations

  • Open administrative interfaces and panels
  • Directory listing enabled on sensitive paths
  • Debug and test endpoints exposed in production
  • Default credentials and configuration files

03 Leaked Secrets & Credentials

Secrets exposed in public repositories, paste sites, and code sharing platforms

  • API keys and tokens in public code repositories
  • Credentials in paste sites and documentation
  • Certificates and keys in exposed configuration files
  • Authentication secrets in version control history

04 Vulnerable Software & Weak Protocols

Outdated software versions and insecure protocol implementations

  • Unpatched services with known CVEs
  • Outdated frameworks and libraries via fingerprinting
  • Weak SSL/TLS configurations and expired certificates
  • Insecure protocol versions (SSHv1, TLS 1.0/1.1)

05 Third-Party Exposure

Risks introduced through external dependencies and brand impersonation

  • Typosquatting domains targeting your brand
  • Dangling DNS records and takeover vulnerabilities
  • Supply chain exposures via third-party services
  • Unauthorised use of your brand and trademarks

Target Audiences

Who We Work With

Executives who need confidence in their external security posture.

01 CEOs, CTOs, CISOs

Executives who need assurance that their organisation's external-facing assets are secure and that nothing critical is being overlooked. Our assessment provides board-level visibility into your attack surface with a clear prioritisation of what needs attention.

Deliverables Manifest

What You Get

Actionable outputs, not just findings.

DELIVERABLE_01

Unified Asset Inventory

A comprehensive register of all your internet-facing assets—domains, subdomains, IP addresses, open ports, running services, and identified technology stacks. Know exactly what you're exposing to the world.

INCLUDED
  • Complete domain and subdomain inventory
  • IP address ranges and allocated resources
  • Open ports with service identification
  • Technology stack fingerprinting

DELIVERABLE_02

Prioritised Risk Register

Every finding ranked by CVSS-aligned severity, exploitability, and business impact. Clear remediation steps tell your team exactly what to do, in order of priority.

INCLUDED
  • CVSS-aligned severity ratings
  • Business impact assessment for each finding
  • Step-by-step remediation guidance
  • Affected asset identification and context

DELIVERABLE_03

Evidence-Rich Findings

Screenshots, proof-of-concept demonstrations, and detailed technical evidence for every finding. No ambiguity—your team sees exactly what we found and why it matters.

INCLUDED
  • Screenshots and HTTP response evidence
  • Proof-of-concept exploitation details
  • Affected component identification
  • Reference links to CVEs and advisories

DELIVERABLE_04

Quick-Win Roadmap

A prioritised action plan that focuses your team on high-impact fixes that can be completed quickly. Cut your top risks in days, not weeks.

INCLUDED
  • High-impact, low-effort remediation tasks
  • Estimated effort for each fix
  • Team assignment recommendations
  • Progress tracking dashboard

DELIVERABLE_05

Trend Tracking

Compare results across repeat scans to see your security hygiene improving over time. Track asset inventory growth, remediation progress, and emerging risks.

INCLUDED
  • Historical trend analysis across scans
  • Remediation progress tracking
  • Asset inventory growth metrics
  • Emerging vulnerability alerts

Scanning Protocol

Our Approach

Lightweight, non-intrusive, and designed for operational reality.

We've designed our scanning methodology to be thorough without causing disruption. Our approach is safe, transparent, and respectful of your production environment.

PROTOCOL_01

Non-Intrusive Scanning

We use passive reconnaissance techniques wherever possible and rate-limited active scanning that won't impact your infrastructure or trigger security alerts.

PROTOCOL_02

Safe by Default

Scanning is conducted during agreed windows, with clear points of contact and pause procedures. We work with your teams, not around them.

PROTOCOL_03

Validated Findings

Every finding is validated to eliminate false positives before it reaches your inbox. Your team won't waste time chasing ghosts.

PROTOCOL_04

Context-Rich Reporting

Findings include business context, technical evidence, and clear remediation steps. No ambiguity about what's wrong, why it matters, or how to fix it.

Compliance Framework

Compliance & Audit Value

Demonstrate your security posture to auditors and stakeholders.

Attack surface scanning directly supports multiple compliance frameworks and provides auditable evidence of your security management practices.

ISO/IEC 27001 (5 controls)
  • A.12.6.1: Vulnerability management—identification of vulnerabilities
  • A.12.6.2: Software vulnerability monitoring and remediation
  • A.13.1.1: Network controls and boundary protection
  • A.13.2.1: Information transfer policies and procedures
  • A.14.2.2: System acceptance testing with security validation

SOC 2 (5 controls)
  • CC6.1: Logical and physical access controls
  • CC7.2: System monitoring for vulnerabilities
  • CC8.1: Security incident detection and response
  • CC3.6: Change management for infrastructure
  • CC4.1: Logical access restrictions for data

PCI DSS (5 controls)
  • Requirement 11.2: Regular vulnerability scanning
  • Requirement 11.3: Penetration testing
  • Requirement 2.2: System configuration standards
  • Requirement 1.1.6: Reviewing firewall rules
  • Requirement 6.5: Secure coding practices

Mission Protocol

Your Journey to Complete Visibility

A practical path from blind spots to managed attack surface.

Phase 1 (2-3 days)

Scope & Authorisation

We define the engagement scope—your domains, IP ranges, and any off-limits systems. We establish authorisation, communication channels, and escalation procedures before any scanning begins.

Deliverables:

  • Scope document with authorised targets
  • Scanning schedule and rate limits
  • Emergency contact and pause procedures
  • Authorisation documentation

Phase 2 (1-2 weeks)

Discovery & Scanning

We conduct passive reconnaissance and active scanning within the agreed scope. Findings are validated, enriched with context, and assembled into a comprehensive report.

Deliverables:

  • Complete asset inventory
  • Validated findings with evidence
  • Risk register with severity ratings
  • Executive summary with risk overview

Phase 3 (2-4 weeks)

Findings & Remediation

We walk through findings with your team, clarify technical details, and provide step-by-step remediation guidance. Re-scans verify fixes and update your risk register.

Deliverables:

  • Detailed findings briefing
  • Remediation guidance for each finding
  • Quick-win roadmap with priorities
  • Re-scan verification report

Phase 4 (Ongoing)

Trend Analysis (Optional)

For ongoing engagements, we track changes across repeat scans—showing hygiene improvements, emerging risks, and asset inventory growth over time.

Deliverables:

  • Scheduled repeat scanning
  • Trend analysis across scans
  • Monthly or quarterly reports
  • Asset inventory change tracking
  • Hygiene score improvement metrics

Ready to See What Attackers See?

> Book a consultation to discuss your attack surface assessment. We'll help you understand your exposure, what's at risk, and what quick wins are available. No sales pressure, no jargon—just practical guidance on securing your external perimeter.
