Security assessment FAQ
Direct answers to the questions buyers ask most often before they book or scope a review.
What does a Raijuna security assessment actually include?
A typical engagement includes scoped attack-surface mapping, deep manual testing, proof-of-concept validation for every finding, an executive summary, technical remediation guidance, and verification retesting after fixes.
How long does a typical assessment take?
Most engagements complete in under 10 business days from kickoff through report delivery, depending on scope and how much surface area needs to be covered.
How do I know whether I need a web app review, API review, or something broader?
If you already know the main risk surface, you can scope directly around it. If not, use the scoping wizard or the baseline tools first so the recommendation is grounded in your product and current signals.
Can I start with a lighter step before committing to a full assessment?
Yes. The baseline tools and workspace are designed as lower-friction first steps when you want more signal before moving into a fully scoped manual review.
What kinds of vulnerabilities does Raijuna usually find?
Common findings include broken access control, authentication and session flaws, API exposure, business-logic abuse, infrastructure misconfiguration, and issue chains scanners usually miss.
Are findings actually validated or just listed?
Findings are validated with proof-of-concept reproduction. The goal is to show what is genuinely exploitable, not just enumerate theoretical issues.
What happens after the report is delivered?
Use the report as a remediation plan, then return for retest or follow-up validation after fixes are implemented. The process is meant to end in confirmed remediation, not just delivery.
Can Raijuna help if we are close to launch?
Yes. A focused pre-launch review can prioritize the highest-risk paths before release when time is limited and confidence matters most.
Can we contact Raijuna with results from the free tools?
Yes. Quiz, checklist, scan, workspace, and scoping wizard flows all support carrying context into contact so you do not need to rewrite everything manually.
What if we are not sure we are ready yet?
That is normal. Use the comparison pages, buyer journey, baseline tools, and scoping wizard to narrow the next step before booking. The path is meant to be progressive, not all-or-nothing.
Use the scoping wizard after reading the FAQ
If the FAQ answered the process questions but you still need help choosing the exact review, use the wizard to turn your situation into a concrete next step.
Answer a few short questions and get a suggested engagement path with the right next step.
Need a buyer-side vendor checklist too?
If your next question is how to evaluate a pentest vendor or what a useful deliverable should contain, use the procurement page before you scope.
Open procurement checklistReady to scope the next step?
If the FAQ removed the uncertainty, move into the assessment or contact flow now. If you still want more context, use the buyer journey, comparison pages, or industry hub first.