Our approach
We treat the scanner as a junior analyst. Never trusted on its own.
Most firms run a scanner and call it a pentest. Most boutique shops run a pentest and ignore everything the scanner found. We do both — and the senior engineer who finds the bug is the same one who writes the remediation guidance, signs the report, and re-tests the fix.
Principles
Four operating principles, applied identically across every engagement.
Automation finds surface area.
Continuous scanners run from the moment scope is agreed. They map hosts, services, identities, third-party SaaS, and exposed secrets across cloud accounts. Scanners are cheap, so we let them work the breadth of the problem.
Humans find the breach.
Every scanner signal is reviewed by a senior engineer before it reaches your inbox. We reproduce the finding, prove exploitability, and rank it against your actual business impact — not raw CVSS. Findings that don't survive that review never become tickets.
Peer review is non-negotiable.
Two engineers sign off on every report. The reviewer is independent of the operator. Disagreements get re-tested, not averaged. This is why our false-positive rate, externally measured by clients, is zero.
Remediation is part of the deliverable.
Findings ship with exact patch guidance, configuration diffs, and — where we have repo access — pull requests. Re-tests are included within 60 days. We measure ourselves by what gets fixed, not what gets found.
The validation pipeline
From scanner signal to peer-reviewed finding.
- T+0h, scope locked: Assets, environments, credentials, and rules of engagement agreed in a single 45-minute call.
- T+4h, scanners sweep: Continuous scanner mesh enumerates the attack surface. Findings stream into the analyst console — never the client inbox.
- T+24h, triage queue: Lead analyst walks the queue, eliminates false positives, ranks the real ones, and routes high-priority items to specialists.
- T+48h, first finding shipped: Within two business days, your team has the first reproduced finding with a working PoC and remediation patch.
- Daily, findings drop: We don't hoard findings for the final report. Each is delivered the day it is validated, in your Slack or ticketing tool.
- End, peer-reviewed report: Two analysts sign off. Executive narrative, technical detail, and remediation backlog — plus a 60-day re-test letter.
Why this works
Automation is breadth. Humans are depth. You need both.
A pure-automation firm will find the same things a free scanner does — exposed S3 buckets, outdated TLS, default credentials. Real attackers chain those into something worse. Detecting the chain is a human job.
A pure-consulting firm will go deep on the assets it scoped, and miss the misconfigured side-system that an attacker would walk in through. Detecting the entire surface is a scanner job.
Aegix runs both, owned by the same engineer, governed by the same review process. That's the difference between a report you file and a report you act on.
Talk to a lead engineer, not a sales rep.
First contact is with the person who would actually lead your engagement. We start the scoping call with technical questions.