The platform performs hundreds of audit checks, including domain zone transfers, SSL, software vulnerabilities based on NIST databases, CMS-specific checks (such as WordPress), brute-force checks on small services, subdomain takeovers, missing security headers, exposed credentials and more.
However, the platform itself does not perform a deep dynamic audit at the web application level (like Burp Suite, for example), as we believe that manual interaction is needed to perform this task correctly.
If you’re interested, we also provide manual deep dynamic audits for web applications as a service 🙂
It really depends on the amount of assets. For example, if you only have 3 domains/subdomains and a couple of websites, a full discovery & audit will not take longer than a few minutes. However, if you have hundreds of thousands of subdomains and websites, it can take hours.
The platform will report the findings, most of them with a remediation section where we explain how to fix the issue in a generic way, but we don’t deploy or implement those fixes.
Yes, on every run, the platform will perform all the checks again. If an open finding is fixed by a later run, it will be automatically marked as solved. You don’t have to manually mark those as solved.