Security testing evidence for teams that need proof fast.
Add a verified target, run a safe automated assessment, and export a clean report for due diligence, ISO readiness, vendor reviews, and internal remediation.
Or scan your website with a limited public preview. 1 free scan per IP per 30 days.
Built for
- ISO 27001 readiness
- SOC 2 prep
- Vendor due diligence
- Human-verified reports
The problem
Security evidence is overdue, scattered, or missing entirely.
Teams need proof of due diligence on a predictable cadence. Nano Testing turns automated checks into structured findings and a clean report you can hand to anyone who needs to see it.
Audit pressure on every release
Auditors and procurement teams ask for security evidence with deadlines. Most teams scramble through screenshots, spreadsheets, and old PDFs that don't tell a clean story.
Vendor reviews stall sales
Enterprise prospects send long security questionnaires. Without recent assessment evidence, the deal sits in legal review for weeks instead of closing.
Internal remediation slips
Findings live in a tool nobody opens. Engineers don't see severity context. Re-test status is unclear. The same gaps reappear every quarter.
What Nano Testing checks
Safe, non-invasive checks that map to real security evidence.
Every check is read-only. No payloads, no fuzzing, no authentication bypass attempts. The full scan covers the same surface as the public preview, with verified targets, deeper analysis, and unlocked findings.
TLS certificate
Validity, issuer, expiry, and basic configuration health checks for HTTPS endpoints.
Security headers
Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
DNS hygiene
Resolution checks, public IP validation, and record sanity. Private and metadata IPs are blocked at the worker.
Redirect behavior
HTTP to HTTPS redirects, redirect chains, and host normalization.
robots.txt and sitemap.xml
Discovery and content review for unintended paths or crawl directives.
Technology fingerprint
Passive header-based fingerprint of the stack. No active probes or banner brute force.
Sensitive paths
Safe-mode existence checks for common sensitive files. No payloads, no destructive tests.
HTTP availability
Status code, response timing, and HTTPS availability over the public IP.
Cookie attributes
Secure, HttpOnly, and SameSite attribute review for response cookies.
Misconfiguration signals
Information disclosure surfaces in headers, error pages, and standard endpoints.
How it works
From a verified target to a clean report in four steps.
- Step 01: Add target. Add a website, web app, or API. We validate the URL, normalize the host, and block private and metadata IPs.
- Step 02: Verify ownership. Prove ownership with a DNS TXT record or HTML file. Full scans are gated behind verification.
- Step 03: Run safe scan. Our worker runs read-only checks against your target. No payloads, no destructive tests, no aggressive load.
- Step 04: Export report. Review findings by severity, track remediation, and export a NANOTESTING-branded PDF for auditors and clients.
Reports and evidence
A clean report that stands up to a procurement review.
Findings are normalized, deduplicated, and grouped by severity. Every report includes scope, methodology, limitations, and an authorization statement so the reader knows exactly what was tested.
- Executive summary with security score and severity counts.
- Detailed findings with remediation, evidence, and CWE mapping.
- Verified-report variant with reviewer notes for due diligence.
Target: app.example.com
Security score: 72/100
Issues detected: 24
Detailed findings: Locked
Use cases
Built for the moments where evidence is the deliverable.
ISO 27001 readiness
Show evidence of automated security testing as part of your ISMS. Map findings to controls and track remediation.
SOC 2 prep
Run scheduled scans on production targets and keep dated evidence ready for the audit window.
Vendor due diligence
Reply to security questionnaires with a current Nano Testing report instead of stale screenshots.
Internal remediation
Triage findings by severity, assign owners, and re-test with one click. The report stays in sync.
Pricing
Pricing that scales with your evidence cadence.
Start free. Move to Starter or Growth as your scan frequency grows. Add a Verified report when an auditor or buyer needs a human-reviewed deliverable.
Free
Preview Nano Testing before you upgrade.
- 1 limited scan per day after signup
- 1 anonymous preview per IP per 30 days
- Blurred findings, upgrade to unlock
- 1 verified target
- Limited PDF report
Starter
For small teams that need monthly evidence.
- 3 targets
- Monthly scans per target
- Basic PDF reports
- Email notifications
- Audit log
Growth
For teams running ongoing security review.
- 10 targets
- Weekly scans per target
- Repository scan foundation
- Better reports with remediation
- Remediation tracking
- Priority email support
Verified
Human-verified report for due diligence.
- Internal reviewer workflow
- Signed verified report
- Reviewer notes per finding
- Verification badge
- Suitable for vendor reviews
All plans require verified target ownership for full scans. Anonymous previews are limited to one per IP per 30 days; registered free users get one limited scan per day. All free results are blurred.
Questions
Straight answers about what Nano Testing does and doesn't do.
If you don't see your question, contact the team. We try to be specific about scope so you can evaluate fit.
Ready when you are
Stop sending screenshots. Start sending reports.
Create an account, verify your target, and run a safe automated assessment in minutes. Or run a limited public preview first.