Aegisify Audit & Scan Profile Matrix

Included in the Free Test
- HTTPS/TLS reachability validation
- HTTP to HTTPS redirect review
- HSTS security header check
- X-Content-Type-Options review
- Cookie security flag review
- Mixed-content signal detection
- Public WordPress artifact exposure review
- XML-RPC exposure detection
- WordPress metadata leakage detection
- REST API route discovery
- OpenAPI / Swagger exposure discovery
- OWASP-style injection indicator probes
- Login and session exposure review
- and more…

Public artifact and exposure checks
Every free test includes a findings report with prioritized security signals across:
- Transport and header posture
- Public exposure and sensitive artifacts
- Web and API attack surface visibility
- OWASP-style risk indicators
- Login and session-related exposure signals

Aegisify Free Test performs 59 external website security checks and delivers a clear findings report covering transport security, exposure risk, API discovery, OWASP-style attack indicators, and login/session surface review.

Static and Dynamic Comparison Matrix
Everything included in the Standard and Pro Subscription
| Capability Area | Quick Defensive Hygiene Scan | Standard Defensive Scan | Deep Agent Assist Scan | Quick OWASP Top 10 | Standard Web + API |
|---|---|---|---|---|---|
| HTTPS / TLS reachability | Yes | Yes | Yes | Yes | Yes |
| HTTP → HTTPS redirect review | Yes | Yes | Yes | Yes | Yes |
| Security header presence review | Yes | Yes | Yes | Yes | Yes |
| Cookie flag review | Yes | Yes | Yes | Yes | Yes |
| Mixed-content signal review | Yes | Yes | Yes | Yes | Yes |
| Public risky file / artifact exposure checks | Yes | Yes | Yes | Yes | Yes |
| WordPress generator leakage review | Yes | Yes | Yes | Yes | Yes |
| User-enumeration hint review | Yes | Yes | Yes | Yes | Yes |
| Web route discovery | Yes | Yes | Yes | Yes | Yes |
| Parameter and form observation | Yes | Yes | Yes | Yes | Yes |
| Attack surface mapping | Yes | Yes | Yes | Yes | Yes |
| REST API discovery | Yes | Yes | Yes | Yes | Yes |
| GraphQL endpoint discovery | Yes | Yes | Yes | No clear proof | No clear proof |
| OpenAPI / Swagger discovery | Yes | Yes | Yes | No clear proof | No clear proof |
| Login / auth endpoint inventory | Yes | Yes | Yes | Yes | Yes |
| Session / replay readiness checks | Yes | Yes | Yes | Yes | Yes |
| Nonce-aware workflow readiness | Yes | Yes | Yes | Yes | Yes |
| Multi-role context readiness | Yes | Yes | Yes | Limited | Limited |
| Software inventory baseline | Yes | Yes | Yes | No | Limited / inferred via inventory |
| WordPress hardening posture review | Yes | Yes | Yes | No | Limited / indirect |
| Edge protection visibility | Yes | Yes | Yes | No | No |
| Browser DOM route discovery | No | Yes | Yes | No | Yes |
| Dangerous JS sink / eval pattern review | No | Yes | Yes | No | Yes |
| Secret / token leakage pattern review in JS/DOM | No | Yes | Yes | No | Yes |
| Third-party script inventory | No | Yes | Yes | No | Yes |
| JS endpoint extraction | No | Yes | Yes | No | Yes |
| Source-map exposure review | No | Yes | Yes | No | Yes |
| Reflected XSS indicator probing | No | No | No | Yes | Yes |
| SQL injection indicator probing | No | No | No | Yes | Yes |
| NoSQL injection indicator probing | No | No | No | Yes | Yes |
| Open redirect probing | No | No | No | Yes | Yes |
| SSRF indicator probing | No | No | No | Yes | Yes |
| CSRF / nonce indicator review | Limited defensive readiness | Limited defensive readiness | Stronger readiness | Yes | Yes |
| Path traversal indicator probing | No | No | No | Yes | Yes |
| Unauthenticated admin boundary review | No | No | No | Yes | Yes |
| API auth-boundary review | No | No | No | Limited | Yes |
| Unauthenticated non-GET API success review | No | No | No | No | Yes |
| Excessive data exposure review | No | No | No | No | Yes |
| Method mismatch review | No | No | No | No | Yes |
| Object ID pattern review | No | No | No | No | Yes |
| Schema / route mismatch review | No | No | No | No | Yes |
| Deeper privileged / role capability inspection | No | No | Yes | No | Limited |
| Remote agent route use | Limited | Standard | Expanded | No | Yes |

Advanced Security Scan Comparison Matrix
Included only in the Business Subscription
| Difference area | Deep Auth Attack Surface | Automated API Discovery | Prioritize Critical Front-End Issues |
|---|---|---|---|
| Requires saved role credentials | Yes | No | No |
| Uses login macro builder | Yes | No | No |
| Uses protected-path validation | Yes | No | No |
| Performs per-role login replay | Yes | No | No |
| Performs role comparison | Yes | No | No |
| Performs session aging / logout checks | Yes | No | No |
| Focuses on auth/session/access-control evidence | Yes | No | No |
| Focuses on REST route harvesting | Yes | Primary | No |
| Focuses on GraphQL endpoint/schema discovery | Yes | Primary | No |
| Focuses on OpenAPI/Swagger discovery | Yes as API depth | Primary | No |
| Focuses on API inventory and route enrichment | Yes | Primary | No |
| Focuses on browser surface | Yes | Limited / not primary | Primary |
| Focuses on source maps and front-end scripts | Yes as supporting depth | No | Primary |
| Focuses on DOM/client-side weakness heuristics | Yes | No | Primary |
| Best use of browser-assisted discovery | Useful after auth contexts exist | Not primary | Primary |
| Best fit for saved remote browser worker settings | Useful | Optional but not defining | Yes |
| Best for credentialed post-login mapping | Yes | No | Only indirectly if Deep Auth contexts exist |
| Best for API-first website listing | No | Yes | No |
| Best for front-end-first website listing | No | No | Yes |
