CyberOrbit produces ISO 27001, SOC 2 and PCI-DSS aligned penetration test reports: methodology, evidence, CVSS, remediation and re-test sign-off, in days, not quarters.
Every security lead has run this maths: the SOC 2 deadline is in six weeks, the pentest firm needs eight, the SOW is three weeks behind on legal, and the auditor wants evidence formatted just so. Something has to give. Usually it's the pentest.
Six rounds of email to agree IPs, assets, windows, and rules of engagement. By the time the SOW is signed, the auditor is already on your case for evidence.
"We spent four weeks on the scoping call before anyone touched a scanner.", Head of Security, Series-B SaaS
Findings without CVSS. Evidence buried in screenshots. Remediation guidance that says "patch the system." The auditor sends it back with a request for "more rigour", and you've burned a fortnight.
"The PDF was 84 pages and our auditor flagged 12 findings as not actionable.", vCISO, healthtech
You fix the criticals. You need a re-test to close the audit finding. The firm quotes you for a brand-new engagement, and the loop starts again. Compliance becomes a budget line, not a control.
"Re-test was 60% of the original cost. We deferred it to next year.", Compliance Manager, fintech
From kickoff to signed-off audit artifact, every assessment moves through the same four stages. No surprise scope changes, no re-test invoices.
Drop in your in-scope domains, IPs, and accounts. CyberOrbit generates a draft SOW, rules of engagement, and an authorisation letter ready for your auditor.
Reconnaissance, vulnerability validation, and exploitation chains run continuously — with every action timestamped, attributable, and evidenced in chain-of-custody logs.
Findings rendered with CVSS, CWE, OWASP and framework mapping, business-language impact, and step-by-step remediation. Reviewed and signed by a certified security professional.
You remediate. We re-test, evidence the fix, and reissue a signed letter — included, not invoiced. Hand the bundle to your auditor and close the finding.
CyberOrbit runs the assessment as a human pentester would, but in parallel, continuously, and with every step machine-evidenced. We've grouped the work into the categories your auditor asks about.
Subdomain enumeration, certificate transparency, exposed services, dangling DNS, and orphaned assets: everything an outsider can find before they touch your perimeter.
OWASP Top 10 and API Top 10 coverage with authenticated flows, broken-access-control chains, business-logic testing, and validated exploit paths. Not just scanner output.
Open ports, weak ciphers, end-of-life services, default credentials and unsegmented networks, mapped to CVEs with reachable exploitation, not theoretical CVSS.
IAM misconfigurations across AWS, Azure and GCP. Over-privileged service principals, public S3, dormant admin accounts, and SSO bypass surfaces.
SPF, DKIM, DMARC posture; lookalike domain detection; impersonation pathways. Auditors increasingly want this and most reports skip it.
Findings linked into plausible exploitation paths: "this leaked credential reaches this exposed admin via this misrouted DNS", so remediation is prioritised by blast radius, not CVSS alone.
CyberOrbit pairs frontier reasoning models with fast open-source models on Groq, so every finding is generated, cross-checked, and validated before it reaches the report. The result: pentest-grade depth without scanner-grade false positives.
GPT-5.5 and Claude Opus 4.6 plan the engagement, write the exploit chain, and explain every finding in plain English. Pathfinder reconnaissance fingerprints the stack first so the right scanners run on the right targets.
Llama, Qwen, and Mixtral instances on Groq inference run hundreds of validation passes per finding in parallel — fast enough to test every payload variant without the per-token cost of a frontier model on each call.
Every finding is generated by one agent and checked by another. Disagreements are resolved by a third reasoning model with access to the raw HTTP traffic. False positives don't make it into the report — they get caught at the validation layer, not by your auditor.
After scanners complete, an isolated Ubuntu sandbox runs adaptive payloads with nmap, sqlmap, nuclei, and custom Python — every action timestamped and hashed into the chain-of-custody log. The exploit is real, the evidence is real, the screenshots are real.
Inference: OpenAI · Anthropic · Groq · Together
Six artifacts. Each one written to be the answer to a specific auditor question — so when control evidence is requested, you forward a section, not a 100-page PDF.
One-page board view: severity distribution, attestation, posture trend versus last engagement, and the three remediations that close the biggest exposure.
Frameworks followed (PTES, OWASP, NIST SP 800-115), targets in/out of scope, dates, tooling, and rules of engagement — signed and dated.
Every finding carries CVSS 3.1, CWE class, OWASP category, framework cross-references (ISO A.8.29, SOC 2 CC7.1, PCI 11.3), and machine-readable JSON for ingestion into GRC tools.
Timestamped logs, screenshots, request/response captures, and the hash trail proving the test happened, when, and by whom. The bit auditors keep asking for.
Per-finding fix steps, owner role suggested, effort estimate, and detection rules so blue-team can verify when the fix lands.
Reviewed and signed by a certified security professional. Re-test addendum issued within 30 days of remediation and bundled with the original engagement, no second SOW.
Every finding carries cross-references so the same report serves multiple audits — without re-formatting the evidence.
One-time or continuous — pick how you engage. Re-test included on every tier. No per-asset surprise bills.
A full external penetration test — reconnaissance, exploitation, attack chains — delivered as a signed, audit-ready report within 48 hours. No SOW negotiation, no 6-week wait. Re-test addendum included at no extra cost.
Growth-stage SaaS · VP Engineering / CTO
$1,199/mo annual · $14,388/yr
Series B+ · Head of Security / CISO
$2,399/mo annual · $28,788/yr
Mid-market & regulated · CISO / Director
Add audit-ready penetration testing to your service stack. White-labelled reports, no pentesters to hire. Partner pricing available on application.
All tiers include certified professional sign-off · re-test addendum · chain-of-custody evidence · framework cross-references
Sharpened versions of the building blocks inside the platform, useful on their own. No signup required. If you're scoping a problem, start here.
Audit HSTS, CSP, X-Frame-Options, and friends in seconds.
Cipher suites, certificate chain, vulnerability checks, same engine your auditor uses.
SPF, DKIM, DMARC posture and record health for any domain.
Enumerate live subdomains via certificate transparency and passive DNS.
CVSS, KEV listing, exploitation likelihood, vendor advisories, all in one search.
Score risk likelihood × impact using the OWASP methodology.
The questions that come up in every scoping call. If yours isn't here, book the walkthrough below — we'll give you a straight answer in plain English.
Book a 20-minute walkthrough. We'll show you the report your auditor will see, and the evidence chain underneath it.