Security

Penetration Test Report

External Web Application & Network Assessment

Client: ManaKnight Digital Inc.

Report Classification: Summary (Public Version)

Assessment Type: External Network & Web Application Penetration Test

Scope: manaknightdigital.com and associated subdomains / public-facing infrastructure

Note: This page provides a summary of our penetration testing practices and methodology. Detailed vulnerability findings are confidential and maintained internally. Full reports are available to authorized stakeholders upon request under NDA.

1. Executive Summary

ManaKnight Digital Inc. engages qualified third-party penetration testing firms to conduct regular external penetration tests of our public-facing web applications and network infrastructure associated with manaknightdigital.com.

These assessments identify security vulnerabilities across our digital assets. All Critical and High severity findings are prioritized for immediate remediation. Our security posture reflects a strong foundational baseline, supported by continuous improvement initiatives.

1.1 Finding Severity Categories

Findings are categorized using industry-standard severity ratings:

| Severity | Description | Remediation SLA |
|---|---|---|
| Critical | Vulnerabilities that could lead to immediate system compromise | 72 hours |
| High | Significant vulnerabilities requiring urgent attention | 30 days |
| Medium | Moderate risk vulnerabilities | 90 days |
| Low | Minor security issues | 180 days |
| Informational | Best practice recommendations | As resources permit |

1.2 Key Security Measures

Based on assessment recommendations, ManaKnight Digital maintains the following security controls:

  • Web Application Firewall (WAF) in blocking mode on all public-facing applications
  • Hardened TLS configuration across all services (TLS 1.2 and 1.3 only)
  • Content Security Policy (CSP) headers on web applications
  • Regular developer security training focused on the OWASP Top 10
  • Continuous vulnerability scanning and monitoring

2. Scope and Methodology

2.1 Scope of Assessment

Our penetration testing engagements include:

| Asset | Type | In Scope |
|---|---|---|
| manaknightdigital.com | Primary Web Application | Yes |
| *.manaknightdigital.com | Subdomains | Yes (enumerated subdomains) |
| Public IP Infrastructure | Network / Infrastructure | Yes |
| Internal systems / APIs | Internal Infrastructure | No (out of scope for external tests) |

2.2 Methodology

Assessments follow industry-standard penetration testing methodology based on the PTES (Penetration Testing Execution Standard) and OWASP Testing Guide. Engagements are conducted in the following phases:

  • Phase 1 - Reconnaissance: Passive and active information gathering, subdomain enumeration, technology fingerprinting, OSINT
  • Phase 2 - Scanning & Enumeration: Network scanning, service enumeration, vulnerability scanning, web crawling
  • Phase 3 - Exploitation: Manual testing of identified vulnerabilities; exploitation of confirmed findings to demonstrate impact
  • Phase 4 - Post-Exploitation: Where authorized, assessment of lateral movement and privilege escalation potential
  • Phase 5 - Reporting: Documentation of all findings with evidence, risk rating, and remediation guidance

2.3 Tools and Standards

Our testing partners utilize industry-standard tools and frameworks including:

  • Network Scanning: Nmap, Masscan
  • Vulnerability Scanning: Nessus Professional, Nikto
  • Web Application Testing: Burp Suite Professional, OWASP ZAP
  • Reconnaissance: Shodan, Censys, Amass
  • Manual Testing: Custom scripts, browser developer tools

3. Common Finding Categories

Penetration tests typically assess for the following vulnerability categories, aligned with the OWASP Top 10:

  • Injection Vulnerabilities: SQL injection, command injection, and other injection flaws
  • Authentication & Session Management: Weak credentials, session fixation, improper logout
  • Sensitive Data Exposure: Unencrypted data transmission, information disclosure
  • Security Misconfiguration: Default credentials, verbose error messages, missing security headers
  • Cross-Site Scripting (XSS): Reflected, stored, and DOM-based XSS
  • Insecure Direct Object References: Unauthorized access to resources
  • Cryptographic Failures: Weak TLS configuration, deprecated protocols

4. Remediation Process

ManaKnight Digital follows a structured remediation process based on finding severity:

| Severity | SLA for Remediation | Responsible Party |
|---|---|---|
| Critical | 72 hours | Engineering Lead / CTO |
| High | 30 days | Engineering Lead |
| Medium | 90 days | Development Team |
| Low | 180 days / next release cycle | Development Team |
| Informational | As resources permit | Development Team |

5. Continuous Security Program

ManaKnight Digital is committed to maintaining a robust security posture through:

  • Regular Penetration Testing: Annual external assessments with quarterly vulnerability scans
  • Developer Security Training: Ongoing education on secure coding practices and OWASP Top 10
  • Vulnerability Management Program: Continuous monitoring and remediation of identified vulnerabilities
  • Web Application Firewall: Real-time protection against common web attacks
  • Incident Response Plan: Documented procedures for security incident handling
  • Re-Testing: Verification of remediated findings within 30-60 days

6. Request Full Report

Detailed penetration test reports containing specific vulnerability findings, evidence, and technical remediation guidance are classified as Strictly Confidential. Full reports are available to authorized stakeholders (enterprise clients, partners, auditors) under appropriate non-disclosure agreements.

To request access to detailed security assessment reports, please contact us at security@manaknightdigital.com.

Approved by: Ryan, Chief Executive Officer, ManaKnight Digital Inc.
Date: May 5, 2026