[LarkaUZ_]

Hi. Indeed we did not write a vulnerability scanner from scratch. We run a few major vulnerability scanners like OpenVAS on the target website, configured in a way to be non-intrusive. We do not communicate on the exact tools that we launch and how we compile the results since this is our secret sauce ...

Fair point about the "GET /article/delete/1" issue, unfortunately a lot of SMB do not have staging/test instances ...

[GordonS]

> We do not communicate on the exact tools

Honestly, you're not communicating much. Serious question: why would anyone give you their card details for a complete unknown? Your site doesn't provide free scans, sample reports (or even partial ones), or even say anything about who 'ScannerSec' is.

[raesene9]

It would be relatively straightforward to announce the scanners you use without disclosing your analysis/correlation tools (which presumably is where you're looking to add value here?)

I'd echo the other comments about being very careful with language like "non-intrusive", I've taken systems down with a single ' character in a login box before or by carrying out basic port scans.

Now obviously you could say that a system that fragile has bigger problems, but customers tend not to feel that way if something bad has happened to their site on the day you're scanning them...

[jvehent]

Your secret sauce is purely based on the hard work of open source developers. Pardon me if I don't support your obscurantism.

[newsat13]

Granted OP is obscure but this is a very harsh assessment. Such comments can be hurtful to hear when you launch. Why not give some positive and constructive feedback?

[kapauldo]

Just like wordpress