Illustrative sample only. Every name, host, IP address, and finding below is fictional example data — no real client information appears on this page.
Sample Report

What you actually get back.

Below are real excerpts from the same reporting engine we use on every engagement — not a mockup drawn up for the website. It's the output of assessment software we built in-house, so what you see here is what lands in your inbox: severity-ranked findings, compliance citations, a prioritized fix list, and clean data exports. Company name, hosts, and addresses are fictional; report structure and depth are not.

External Vulnerability Assessment

Prepared for Alderwood Manufacturing, Inc. (sample) Perimeter & DMZ Assessment window Jun 22–24, 2026
Sample data
38
Critical
4
High
9
Medium
12
Low
6
Info
Findings by severity (excerpt)
Known CVEs — OpenSSL 1.0.2k-fips (end-of-life)

1 targetvpn.alderwood-mfg.example (203.0.113.10:443)collapsed above 15 matches per our clustering rule — full list in the JSON/CSV/SARIF export.

38 CVEs

Remote Desktop Protocol (RDP) Exposed to the Internet

High
203.0.113.22:3389

Port 3389 accepts connections from any source on the internet. RDP is a frequent target for credential-stuffing and ransomware-precursor activity.

3389/tcp open ms-wbt-server Microsoft Terminal Services
Remediation: Restrict RDP to a VPN or bastion host; require MFA; disable direct internet exposure.
PCI DSS 1.3.1CIS Controls v8 – 4.4

Expired TLS Certificate

High
mail.alderwood-mfg.example:443

The presented certificate expired before the assessment date, which breaks encrypted-transport trust and typically also breaks automated mail-client warnings for end users.

Subject: CN=mail.alderwood-mfg.example Not valid after: 2026-04-18
Remediation: Renew and deploy a new certificate; automate renewal (e.g. Let's Encrypt/ACME) to prevent recurrence.
PCI DSS 4.2.1

Missing HTTP Security Headers (HSTS, Content-Security-Policy)

Medium
www.alderwood-mfg.example3 targets

Responses omit HSTS and CSP headers, leaving visitors more exposed to protocol-downgrade and injection-style attacks than necessary.

Remediation: Add Strict-Transport-Security and a scoped Content-Security-Policy at the web server or load balancer.
CIS Controls v8 – 4.1

Legacy TLS Protocol Versions Enabled (TLS 1.0 / 1.1)

Low
www.alderwood-mfg.example:4432 targets

TLS 1.0 and 1.1 remain enabled alongside 1.2/1.3. Both are deprecated and disallowed under current PCI DSS guidance.

Remediation: Disable TLS 1.0/1.1 in the web server configuration; keep 1.2 and 1.3 only.
PCI DSS 4.2.1
Prioritized action items
  1. 1Known CVEs on outdated OpenSSL — patch or replace the appliance terminating TLS at the VPN gateway1 target38 CVEs
  2. 2RDP exposed to the internet — move behind VPN/bastion, enforce MFA1 target
  3. 3Expired TLS certificate — renew and automate renewal1 target
  4. 4Missing HTTP security headers — add HSTS and CSP3 targets
  5. 5Legacy TLS versions enabled — disable TLS 1.0/1.12 targets

Full reports also include a cover page, engagement scope and methodology, a complete compliance-coverage appendix, remediation-script attachments where applicable, and open-source tool attribution — trimmed here to keep this page a reasonable length.

How this gets built

This report comes out of software we wrote ourselves.

We didn't stitch this together by pasting raw scanner output into a Word template. Every engagement runs through assessment platforms we built and maintain in-house, purpose-built to turn scan data into the report above.

PDF report JSON CSV SARIF

Want to see what this looks like on your network?

Request an assessment and we'll scope it with you before anything runs.