External digital exposure review
We review from the outside what anyone can see of your company: exposed files, backups, applications, and configurations. We also check whether the visible exposure is still active or remains publicly indexed.
Metepec, MX
What we review
- Domains and subdomains visible from the internet
- Backups, archives, and forgotten paths left in production
- Exposed applications and admin panels
- Expired or misconfigured certificates, private keys, credentials, tokens, and exposed configuration files
- What got indexed by search engines, with prioritized evidence
The initial review runs from the outside, without modifying systems or requesting access. If internal containment or validation is needed, that scope is agreed separately.
Pricing
The initial external review starts at $7,500 MXN plus VAT and covers one primary domain, the external assets included in the agreed scope, prioritized evidence, and an executive report. When several systems, domains, third parties, or sensitive exposed information are involved, an expanded review or a response engagement with independent scope is proposed.
FAQ
Do you need access to our systems?
For the initial review, no: we see the same as anyone on the internet, with no credentials. If containment or internal validation is later required, access is agreed separately and tightly scoped.
What do you deliver?
An executive report with prioritized findings, the evidence, and recommended actions to reduce exposure. Clear for leadership, actionable for whoever operates the systems.
Does this fix the exposure?
The review identifies and prioritizes. Containment and later validation are quoted by scope, because they depend on how many systems and third parties are involved.
We already closed the open folder. Is this still useful?
Yes. Closing the visible access does not, on its own, confirm that all public exposure is gone. We check whether the path is still reachable, whether other related public references exist, and what information remains indexed. Determining historical access, internal scope, or root cause requires an additional access-authorized assessment.
What is the next step?
You share the domain to review. We agree on scope, run the review, and deliver the report. If you need support to contain or validate internally, we define a separate, authorized scope.