Free Surface Recon
$0
A lightweight reconnaissance pass that identifies obvious public exposure and helps scope deeper testing.
Start Free Surface Recon
- Surface summary
- Notable exposure list
- Suggested audit scope
WardenBot.ai starts with authorized scope, validates real exploitability, and turns confirmed findings into agent-ready remediation your team can review and apply.
This page explains the audit paths. The pricing page explains payment flow and manual scope review before checkout.
$1,500
A focused dynamic application security test for authorized web apps and APIs, combining automation with human validation.
Request Scope Review
$5,000
A combined assessment for AI-enabled applications, deployment configuration, and internet-facing infrastructure.
Request Scope Review
Beta
Continuous security checks designed to turn approved test coverage into repeatable pipeline feedback.
Join Beta Waitlist
Active testing starts only after target ownership, scope, safety limits, blackout windows, and emergency contact details are reviewed.
Submit domains, apps, APIs, credentials, test windows, and off-limits actions for manual review.
Run approved dynamic checks with rate limits, non-destructive payloads, and human oversight for sensitive cases.
Confirm impact with evidence summaries, affected components, exploit paths, and severity rationale.
Use agent-ready markdown to guide fixes, then validate against explicit retest criteria.
# agent-fix.md
## Finding
Cross-tenant report reads are possible through /api/workspaces/:id/reports when a valid session from another account supplies a guessed workspace id.
## Objective
Block access unless the authenticated account owns the workspace. Preserve existing owner access and audit logging.
## Suggested files
- src/api/workspaces/[id]/reports.ts
- src/lib/authz/workspaces.ts
- tests/api/workspace-reports.test.ts
## Implementation notes
1. Load the workspace by id before reading reports.
2. Compare workspace.accountId with session.accountId.
3. Return 403 with no report metadata when ownership fails.
4. Keep the existing audit event for allowed reads.
## Acceptance tests
- Owner can read reports for their own workspace.
- Non-owner receives 403.
- 404 and 403 responses do not leak report counts or names.
- Red-team replay command now fails with 403.

Start with Free Surface Recon, then request scope review if deeper web/API or AI + Infra testing is warranted.
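The ownership check that the agent-fix.md above asks for, written out as an added TypeScript example (not WardenBot's code or any project's); the handler name, types, in-memory tenants and audit log are constructed assumptions, and the sample data is made up:

```typescript
// Added example, not code from the page or from any project: the workspace
// ownership check from agent-fix.md, using constructed in-memory data.
type Session = { accountId: string };
type Workspace = { id: string; accountId: string };
type Report = { id: string; name: string; workspaceId: string };
type Result = { status: 200 | 403 | 404; body: { reports?: Report[]; error?: string } };

// Constructed sample tenants: two accounts, one workspace each.
const workspaces: Workspace[] = [
  { id: "ws-1", accountId: "acct-a" },
  { id: "ws-2", accountId: "acct-b" },
];
const reports: Report[] = [
  { id: "r-1", name: "Q1 revenue", workspaceId: "ws-1" },
  { id: "r-2", name: "Churn", workspaceId: "ws-1" },
  { id: "r-3", name: "Payroll", workspaceId: "ws-2" },
];
const auditLog: string[] = [];

// Denial bodies carry only a status-specific error string: no counts, no
// names, nothing derived from the workspace's reports.
function denied(status: 403 | 404): Result {
  return { status, body: { error: status === 403 ? "forbidden" : "not found" } };
}

function readWorkspaceReports(session: Session, workspaceId: string): Result {
  // 1. Load the workspace by id before reading any reports.
  const ws = workspaces.find((w) => w.id === workspaceId);
  if (!ws) return denied(404);
  // 2./3. Compare owner with the session; deny with no report metadata on mismatch.
  if (ws.accountId !== session.accountId) return denied(403);
  // 4. Keep the audit event for allowed reads only.
  auditLog.push(`reports.read account=${session.accountId} workspace=${workspaceId}`);
  return { status: 200, body: { reports: reports.filter((r) => r.workspaceId === workspaceId) } };
}

// Exposed so a test can confirm that denied requests write no audit event.
function auditEntries(): string[] {
  return [...auditLog];
}
```

The 403/404 split follows the page's own acceptance tests; both responses are shaped so that a guessed id never reveals report counts or names.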