What is Swordfish, and what does it do?

Firstly, Swordfish is not a penetration test; it’s a passive scan of your website and email domains. It looks for common misconfigurations, and it looks for weaknesses in your email domains that might leave you open to fraud.

• We will assess your site’s transport layer security against the Mozilla Intermediate recommendations.
• We will look at your DNS record to ensure you have not missed any opportunities to reduce email fraud.
• We will perform a limited passive scan of your website to look for vulnerable JavaScript and web server misconfigurations.
• We will check your host server for unnecessarily open application ports that may leave you vulnerable to attack.

We will then triage this information and email you the final report.

By requesting a report, you consent to these automated scans of your business domains. If you are not the owner of the business domain you are requesting a scan for, then we will hold you legally responsible as the requestor.