RemedSec AI

How it works

A safe, repeatable path from authorization to remediation

RemedSec AI begins with permission, runs only non-intrusive public discovery, and turns findings into clear business decisions.

  1. Asset intake & authorization capture

    • Create an organisation account and add owned websites and domains.
    • Confirm assessment scope and explicit permission to assess.
    • Authorization evidence is recorded and retained for every asset.
  2. Safe public discovery

    • Non-intrusive checks across TLS, headers, cookies and DNS.
    • Public technology and version fingerprinting from visible signals.
    • Powered by OWASP ZAP, Nuclei and internal passive checks.
  3. Findings & report presentation

    • Risk explained in business language, not raw scanner output.
    • Observed exposure clearly separated from confirmed exploitability.
    • Each finding includes context, impact and a recommended action.
  4. Remediation roadmap & next steps

    • A prioritised remediation roadmap, framed as opportunities.
    • Option to request deeper authorized assessment as a booked service.
    • Re-scan to confirm exposures have been addressed over time.

Exposure report

example-council.gov.au (Authorized)

Risk score: Moderate
Findings: 7
Scope: Public

  • TLS certificate expires in 12 days (Medium)

    Visitors may see browser warnings. Renew before expiry to avoid downtime.

  • Missing security response headers (Low)

    Content-Security-Policy and HSTS not set on the public site.

  • Outdated CMS version detected (Info)

    Public fingerprint suggests an unsupported release. Remediation recommended.

Observed exposure only - not confirmed exploitable. Deeper validation requires explicit approval.

Guardrails on every assessment

No intrusion

Discovery only - no exploitation, credential attacks or bypass attempts.

Permission-bound

Nothing runs until scope and authorization are confirmed.

Transparent

You see exactly what was checked and what was observed.

What you provide

Assessment inputs

  • Organisation details and contact owner
  • Owned or authorized domains, apps, portals, or APIs
  • Assessment boundary notes and approval context
  • Preferred language for reporting and follow-up

What you receive

Decision-ready outputs

  • A business-readable summary of visible exposure
  • Finding-by-finding context, impact, and confidence notes
  • A prioritised remediation roadmap for internal teams
  • A clear recommendation on whether deeper assessment is warranted

See what your public-facing systems are exposing

Register an owned or authorized website, confirm scope, and get a business-readable exposure report. No intrusion, no exploitation - discovery only.