Reports are currently delivered through a secure handoff after review. A client portal is planned for recurring reviews and monitoring.
Request a secure reviewTurn visible exposure into a clear next move.
SurfaceSignal reviews what the outside world can see, groups what matters, and delivers a secure executive dossier before you commit to bigger security work.
First review: $149-$299. Scope confirmed before work begins. Authorized public-facing targets only.
Authorized target -> scope confirmation -> reviewed dossier.
Executive Summary
Clear findings. Confident next step.
The first review, in four decisions.
A focused outside-in path from visible surface to reviewed dossier - without passwords, internal access, or a larger commitment up front.
See what is already visible.
We review public-facing web, DNS, email, TLS, services, forms, paths, and documentation signals that can shape outside-in exposure.
Separate noise from the first move.
Signals are grouped by exposure, evidence strength, and fix value so the next action is easier to choose.
Receive the decision brief.
You get a concise executive dossier with priority findings, evidence notes, scope boundaries, and a plain-English next step.
Start with the first outside-in review.
Submit an authorized target. We confirm scope, payment, and timing before work begins.
Request the first review.
Submit an authorized target. We confirm scope, payment, and timing before work begins.
Package summary
Business Attack Surface Check: a reviewed outside-in assessment that turns public exposure into a clear next move. First review pricing is $149-$299.
Scope safety
Use this for domains and hosts you own or are authorized to submit. No passwords, production credentials, or internal access are requested for the first review.
What happens next
After submission, scope, payment, and timing are confirmed directly. The reviewed dossier is prepared only after the request is authorized and ready to begin.
Built for a safe first engagement.
SurfaceSignal is built for a safe first look at authorized public-facing exposure. We confirm scope before work begins and keep the first engagement deliberately outside-in.
Public-facing review
Websites, reachable services, DNS/email posture, TLS, forms, portals, APIs, and documentation signals.
No passwords required
No internal access, production credentials, employee accounts, or authenticated testing for the first review.
Authorized targets only
Use this for domains and hosts you own or are approved to submit for outside-in review.
Reviewed before delivery
Findings are grouped and interpreted before anything becomes a client-facing recommendation.
Manual follow-up
Scope, payment, and timing are confirmed directly before work begins.
Secure handoff
The reviewed dossier is delivered through a secure handoff with PDF copies for reference.
This first review is not a full penetration test, authenticated internal review, exploit execution, or compliance certification.
What you need to know before the first review.
Clear answers on scope, safety, deliverables, and next steps before you submit a target.
What will you check?
The first review looks at public-facing web paths, reachable services, TLS and certificate posture, DNS and email posture, exposed documentation, forms, portals, and related outside-visible signals. It is meant to answer what can be seen from the internet before you decide whether a larger project is worth it.
Do you need internal access?
No. The first review does not ask for passwords, employee accounts, production credentials, VPN access, or internal systems. It stays outside-in and reviews authorized public-facing exposure only, which keeps the engagement safer, faster to approve, and easier to scope before deeper work is considered.
What do I receive?
You receive a reviewed executive dossier with a concise summary, prioritized findings, evidence notes, scope boundaries, and a plain-English next-step recommendation. When useful, supporting PDF copies and a technical companion can travel with the brief so an owner, advisor, vendor, or technical contact can follow the decision.
Is this a penetration test?
No. This is not a full penetration test, exploit execution, authenticated internal review, or compliance certification. It is a focused first look at authorized public exposure. If the evidence shows a deeper review would be useful, the dossier can help decide that next step with better context.
How does payment work?
The first review is listed at $149-$299. After you submit the request, scope and payment are confirmed directly before work begins. Manual follow-up keeps the target, authorization, price, and timing clear before any review is started.
What happens after the report?
The dossier gives you a practical path: fix what matters, validate a change, monitor lower-pressure items, request a walkthrough, or expand scope only when the evidence supports it. You can stop with the first decision brief or use it as the starting point for follow-up work.
Can I request validation or monitoring later?
Yes. Validation and monitoring are better as follow-up options after the first review has established what is visible and what matters. After a fix, a focused validation pass can confirm whether the signal changed. Monitoring can be discussed if recurring visibility would be useful.