Deep Scan

Find what's exposed before someone else does.

Active probing + optional repo analysis. $19.99 one-time or $14.99/month.

500+ apps scanned

See what you get

The deep scan builds on a full surface scan. Here's what a surface report looks like: your deep report goes further.

View sample report →

Includes surface scan, plus:

Tier 1: Active probing (always runs)

  • Are your login endpoints rate-limited, or can someone brute-force them?
  • Is your API leaking routes it shouldn't: GraphQL introspection, Swagger, debug paths?
  • Are API keys, Firebase config, or Stripe keys hardcoded in your JS bundles?
  • Is your CORS policy misconfigured: can other sites make authenticated requests as your users?
  • Are your Firebase rules or Supabase RLS policies actually enforced?

Tier 2: Static analysis (with repo access)

Optional. Connect a GitHub repo after checkout for full code-level analysis.

  • Secrets committed to git history: keys, tokens, passwords
  • SQL injection patterns, unsafe Firebase rules, Supabase RLS gaps
  • JWT verification disabled, weak password hashing, missing OAuth state param
  • CVEs in your npm/pip dependencies
  • eval(), dangerouslySetInnerHTML, mass assignment vulnerabilities

Delivered as a PDF with a master fix prompt: a compiled list of every finding formatted for Cursor or Claude so you can patch everything in one session.

Start here

You'll configure GitHub access and test credentials after payment. Both are optional.

Deep Scan | Talon