RiskMeter is in launch. Before we publish prices, we want to do excellent website security scanning for our first ten qualified customers — at no cost, and with no card on file.
Launch offer
Free scan for qualified SMBs
The first 10 qualified businesses receive a complete external scan and report at no cost. No card. No upsell. Just useful information about your security posture.
Submitting an application does not guarantee acceptance. We prioritize businesses without an existing internal security team and websites we can scan responsibly.
External vulnerability scan of your authorized public surface
OWASP Top 10 weakness checks
TLS, certificate, and security header review
Outdated software / known-CVE check
Plain-English report with severities and recommended fixes
One follow-up email to clarify findings
Not included
Authenticated testing inside customer accounts
Source-code review
Continuous or scheduled monitoring
Remediation work performed on your behalf
Coming after launch
Standard and Pro tiers are on the roadmap.
We'll publish pricing once we've completed our first cohort. If a paid tier is the right fit, we'll let you know.
Standard
Coming soon
Quarterly external scans, ongoing reporting, and remediation guidance for a single business website.
Quarterly scans of authorized public surface
Continuous monitoring of new CVEs affecting your stack
Findings tracked and re-scored each quarter
Pricing will be published after our launch cohort.
Pro
Coming soon
Designed for growing teams managing multiple properties — deeper coverage, faster cycles, and direct support.
Monthly scans across multiple authorized assets
Authenticated testing under written agreement
Dedicated point of contact for triage and remediation
Pricing will be published after our launch cohort.
Common questions
Answers, briefly.
What's the catch with the free website security scan?
There isn't one. We're new and we want to do excellent work for our first ten customers. We do not store payment information, and we will not run paid scans without an explicit agreement.
How do you choose who qualifies for a free scan?
We look for small or mid-sized businesses without an existing internal security team, with a public-facing website we can scan responsibly, and where a free scan would actually be useful. Submitting an application does not guarantee acceptance.
Will you sell or share my data?
No. We collect the minimum needed to perform and report on the website security scan, and we don't share your data with third parties for marketing. See our Privacy Policy for full details.
What does a RiskMeter website security scan check for?
OWASP Top 10 weakness classes, TLS and certificate configuration, missing or weak security headers, exposed services and admin paths, and known-CVE / outdated software on your public surface. We do not perform destructive checks or test inside login-protected customer accounts in this scan.
What if I'm not in the first ten?
We'll let you know and add you to our launch list. When paid tiers are ready, we'll reach out — but only if you've consented to be contacted.