Deep Scan

Active probing + optional repo analysis

$39 one-time or $29/month with continuous monitoring.

Includes surface scan, plus:

Tier 1: Active probing (always runs)

  • Auth endpoints: rate limiting, cookie flags, admin route exposure
  • API exposure: GraphQL introspection, Swagger/OpenAPI, debug paths
  • JS bundle analysis: API keys, Firebase config, JWT, Stripe keys
  • Infrastructure: CORS misconfiguration, HTTP method abuse, subdomain takeover
  • Provider security: Firebase rules probe, Supabase RLS check

Tier 2: Static analysis (with repo access)

Optional. Requires a GitHub repo URL or GitHub App authorisation after checkout.

  • Secrets in git history: committed credentials, hardcoded keys
  • Database security: SQL injection patterns, Firebase/Supabase rules
  • Auth implementation: JWT verify, password hashing, OAuth state param
  • Dependency audit: CVEs and abandoned packages
  • Unsafe code patterns: eval(), dangerouslySetInnerHTML, mass assignment

Also includes a PDF export and master fix prompt: a compiled list of all findings formatted for Cursor or Claude.

Plan

Re-scans every 30 days. Email alert on new findings. Cancel any time.

You'll configure GitHub access and test credentials after payment.

Deep Scan | Talon