How Automated Penetration Testing Works at Risk72

Choose your plan on the pricing page and complete checkout via Stripe. After payment, you digitally sign a scoped authorization agreement that defines exactly which assets Risk72 is permitted to scan, test, and assess. No authorization signature, no scan begins. This is your legal protection — and ours.

A structured security interview across 8 critical domains. No technical background required — anyone in your organization can complete it:

• Network & Infrastructure Configuration
• Endpoint & Device Security
• Identity & Access Management
• Data Protection & Backup Practices
• Email Security & Phishing Controls
• Vendor & Third-Party Risk
• Physical & Operational Security
• Incident Response Readiness

Save your progress and return at any time. Responses remain editable until your run is submitted.

Our penetration testing engine silently scans your external footprint. What gets tested depends on your plan, but the engine covers:

• External web presence, SSL/TLS configuration, and certificate chains
• Exposed network services and open ports across your IP range
• DNS configuration and email security records (SPF, DKIM, DMARC)
• Known CVEs tied to your exposed software versions
• Data breach records and credential exposure linked to your domain
• Web application vulnerability scanning (OWASP Top 10 coverage)
• Internal network topology and lateral movement paths (Unlimited plan)

Non-intrusive. No downtime. No disruption to production.

Scan data and questionnaire responses are fed together into our AI analysis pipeline (powered by Anthropic’s Claude). The model correlates findings across all test types, generates severity rankings based on business context, and produces draft remediation guidance for every discovered vulnerability. The AI accelerates what would otherwise take a human analyst days.

A certified cybersecurity analyst reviews every AI-generated finding, validates severity ratings, removes false positives, adds business context where needed, and formally approves the report before it is released. This step is mandatory. No report ships without a human signing off. This is what separates Risk72 from a raw automated scanner.

Your dashboard unlocks. Your professional PDF report is generated. An email summary is sent. Everything is available immediately — no waiting for a follow-up call, no consultant debrief required. Your risk score, prioritized findings, and remediation roadmap are ready to act on.