— Reports

The deliverable your auditor accepts on the first read.

Every finding ships with reproducible PoC, CVSS, CWE/CVE, and SOC 2 / ISO / PCI mappings. White-label PDFs flow straight into customer security reviews.

— Sample report

Customer deepdive — three pages.

Generated nightly. Hand to your auditor, your customer, or your board.

ΛISEC
SECURITY ASSESSMENT
Acme Inc — Q2 2026
Continuous Penetration Test
REPORT ID · ASMT-2891
PERIOD · 01 Apr → 30 Jun 2026
TARGETS · 7 · CHAINS · 14
CRITICAL · 03 · HIGH · 07
SHA-256 · 7b2c…d91a CONFIDENTIAL
P. 01 — Cover
FND-2891-014 CRITICAL
Account takeover via /v1/auth/reset → JWT confusion
CVSS9.1 (CRITICAL)
CWE-287Improper Authentication
CVE
Assetapp.aisec.tools/api/v1
Reproduced24/24 attempts
The reset endpoint accepts a forged JWT signed with alg=none. Combined with email enumeration on /api/users/:id, an unauthenticated attacker takes over any account in two requests.
$ curl -X POST app.aisec.tools/v1/auth/reset \
-H "Authorization: Bearer eyJhbGciOiJub25lIn0..." \
-d '{"email":"target@…"}'
→ 200 OK
P. 14 — Finding
CHAIN-2891-A · CRITICAL
Unauthenticated → admin in 2 hops
1
Recon — exposed staging staging-2.aisec.tools discovered via cert-transparency
2
Probe — JWT alg=none accepted POST /v1/auth/reset returns 200 for forged token
3
Enumerate — IDOR /api/users/:id email harvested for any UUID in 0…1M range
4
Verify — admin takeover session minted as [email protected], 200 OK
P. 22 — Attack chain
Download sample PDF (1.4 MB)
What's in every report

Built for engineering. Accepted by audit.

PoC

Reproducible proof

Every finding ships curl + HTTP scripts. Re-run them yourself. They pass on exploit, fail on patch.

CVSS

CVSS v3.1 scoring

Vector string included. Severity rationalised against business impact, not just CVSS class.

CWE

CWE / CVE mapping

Every finding ties to a CWE class. Where a known CVE exists, we cite it and link the upstream advisory.

SOC

Control-framework mapping

SOC 2 CC, ISO 27001 A-controls, PCI DSS, HIPAA, flagged automatically per finding.

WL

White-label

Premium and Enterprise reports carry your brand, your typography, your customer disclaimer. Yours to ship.

Δ

Diff vs. last cycle

Every report opens with what's new, what's fixed, what regressed. No diff-archaeology in your inbox.

#

Chain of custody

SHA-256 hash chain across the report, evidence, and PoC artifacts. Tamper-evident by default.

EX

Export everything

PDF, JSON, SARIF, STIX. Findings flow into your SIEM, ticket queue, or auditor's portal.

Sample finding · live

The finding card, the way engineering reads it.

Same data, no PDF. Findings render as live cards in the dashboard, with a one-click "open in CLI" replay.

IDFND-2891-014
SeverityCRITICAL · CVSS 9.1
CWECWE-287 — Improper Authentication
Assetapp.aisec.tools/api/v1
First seen2026-06-12 04:14 UTC
Reproduced24 / 24 attempts
SOC 2CC6.1 · CC6.6
ISO 27001A.9.4 · A.14.2
Account takeover via /v1/auth/reset → JWT confusion

The reset endpoint accepts a forged JWT signed with alg=none. Combined with email enumeration on /api/users/:id, an unauthenticated attacker takes over any account in two requests.

replay in CLI open Jira export PDF copy curl
$ aisec replay FND-2891-014
POST app.aisec.tools/v1/auth/reset
   Authorization: Bearer eyJhbGciOiJub25lIn0...
   Body: {"email":"[email protected]"}
→ 200 OK · session=admin

GET /api/users/00000000
→ 200 OK · {"role":"admin", ...}

chain: recon → auth-bypass → idor → takeover
verified · CVSS 9.1 · 24/24 burst

$ aisec evidence FND-2891-014 --pdf
→ audit-FND-2891-014.pdf (812 KB)

Get a real report from your real stack.

One target, daily continuous coverage. The first chain lands before tomorrow's standup.

Activate protection Download sample PDF