Rules of engagement
Authorized, scoped, and documented.
These rules protect customers, users, and audit integrity. They apply to free recon, scoped audits, and future Continuous CI/CD beta work.
- Testing requires authorization from the asset owner or authorized representative.
- Paid audit scope is confirmed manually before checkout.
- Rate limits, excluded systems, production constraints, and sensitive data rules are documented before testing.
- Findings are reported privately with evidence, impact, and remediation guidance.