A structured, evidence-based methodology.
Authorized, repeatable, and built around findings you can actually act on — with verification for every fix.
Core principles
The non-negotiables every engagement runs by.
Authorization required
We do not conduct any testing without explicit written authorization from the asset owner. No exceptions.
External-only scope
We focus exclusively on externally-visible attack surface — no internal network access, social engineering, or physical testing.
No exploitation
We validate vulnerabilities through evidence collection, not exploitation. We confirm issues without causing damage or accessing sensitive data.
Evidence-based reporting
Every finding includes proof — screenshots, headers, DNS records, or tool output — so you can verify and reproduce results.
Testing approach
Passive reconnaissance combined with active, non-intrusive validation.
Passive Reconnaissance
DNS enumeration, certificate transparency, WHOIS, subdomain discovery, and technology fingerprinting — no direct interaction with target systems.
Active Validation
Port scanning, service identification, version detection, and configuration analysis — direct but non-intrusive interaction with in-scope systems.
Vulnerability Identification
Analysis of exposed services, outdated software, misconfigurations, sensitive data exposure, and authentication weaknesses.
Prioritized Reporting
Findings categorized by business risk, with clear remediation guidance and evidence for each issue.
Techniques
Standard external reconnaissance, tuned to your scope.
- Passive DNS enumeration and certificate transparency analysis
- Subdomain discovery and attack-surface mapping
- Active port scanning (TCP top 1000 ports)
- Service fingerprinting and version detection
- SSL/TLS configuration review
- Security header analysis
Notification protocol
If we discover a critical vulnerability during testing — something actively exploitable that poses immediate risk — we notify you within 24 hours, before the final report, and pause further testing if needed.
Scope boundaries
External-only testing has inherent limits. Assessments do not include:
- Internal network vulnerabilities
- Application-layer logic flaws (these require authenticated testing)
- Social engineering or phishing simulation
- Physical security assessment
- Source code review
- Wireless network testing
Need coverage beyond external recon? We can discuss expanded scope or recommend appropriate partners.
Data handling
How we treat your assessment data.
- Assessment data encrypted in transit and at rest
- Findings retained for 90 days post-delivery, then securely deleted
- We do not share client data with third parties
- NDA available upon request prior to engagement
How we rate findings
Each finding is rated by practical impact, with evidence and a fix.
Immediate risk — exploitable exposure or critical misconfiguration.
Meaningful weakness that raises risk or fails compliance checks.
Hardening opportunity or information disclosure, low effort to fix.
Want to see the output? Download a sample report — anonymized, with real finding structure, evidence, and remediation roadmap.