┌──────────────────────────────────────────────────────────────────┐
│    FREE SECURITY POSTURE ASSESSMENT  ·  NO COMMITMENT            │
├──────────────────────────────────────────────────────────────────┤
│  recon  →  scan  →  analyze  →  report  →  debrief               │
└──────────────────────────────────────────────────────────────────┘

Free Security Posture Assessment

// passive external scan · written findings · 30-min debrief call

Not sure where your security gaps are? We’ll show you — at no cost, no obligation, and no disruption to your site.

What’s Included

01 — External Recon

We perform passive open-source reconnaissance on your domain: exposed subdomains, DNS misconfigurations, certificate issues, leaked credentials in public breach databases, and technology fingerprinting.

02 — Website Scan

Non-invasive external scan of the website URL you provide. We check for missing security headers, TLS configuration issues, exposed admin panels, outdated software versions, and common misconfiguration patterns.

03 — Written Findings

You receive a one-page security posture summary: your current exposure, top 3 prioritized risks, and specific recommended actions — written in plain language, not jargon.

04 — 30-Minute Debrief Call

We walk through the findings together, answer your questions, explain what each risk means in practical terms, and discuss options for remediation if you want to take next steps.

What We Do NOT Do

This assessment is passive and external only. We do not perform active exploitation, brute-force attacks, denial-of-service testing, or any action that could disrupt your site or users.

Who This Is For

Small and medium businesses, nonprofits, and federal contractors in DC, MD, VA, and nationwide who want an honest third-party look at their external security posture — before an attacker gets one first.

assessment@ottomateit:~$ cat process.txt
step 1 : submit the form below — include the URL you want scanned
step 2 : we verify authorization and confirm your request within 1 business day
step 3 : passive external scan is conducted (no disruption to your site)
step 4 : written findings report delivered to your email
step 5 : 30-minute debrief call scheduled at your convenience
step 6 : no obligation — findings are yours to keep regardless

Request Your Free Assessment

Complete the form below. The authorization checkbox is required — we will not scan any domain without written consent from an authorized representative.

Full Name * Email Address * Phone Number (optional) Company / Organization * Website URL to Scan *

// enter the primary domain you want assessed. you must have authority over this domain.

Anything specific you’d like us to focus on? (optional)

// authorization & liability waiver — required

I certify that I am the owner or an authorized representative of the website URL entered above and have legal authority to authorize this assessment. I authorize Ottomated IT, LLC to conduct a passive, non-invasive external security assessment of the domain provided. I understand this assessment does not include active exploitation, brute-force attacks, denial-of-service testing, or any actions that would disrupt normal site operations or its users. I agree to hold Ottomated IT, LLC, its employees, and its contractors harmless from any claims, damages, or liability arising from or related to this assessment. I acknowledge that findings are provided for informational purposes only and do not constitute legal, compliance, or audit documentation.

// protected by cloudflare turnstile · tls 1.3 · no data sold or shared

Frequently Asked Questions

Is this really free?

Yes. No credit card, no trial, no hidden fees. We offer this to qualified businesses because it starts the conversation and demonstrates our expertise. You keep the findings regardless of what you decide next.

How long does it take?

We aim to complete the scan and deliver findings within 3–5 business days of confirming your authorization. The 30-minute debrief call is scheduled at a time that works for you.

Will the scan affect my website?

No. Our assessment is entirely passive and external. We analyze publicly observable information about your domain. Your site will not experience any disruption, slowdown, or unusual traffic from us.

What if I have multiple domains?

The free assessment covers one primary domain. If you want additional domains assessed, contact us — we can discuss expanded scope as part of a paid engagement.

Do I need to be in DC, MD, or VA?

No. We serve clients nationwide. The assessment and debrief call are conducted remotely, so geography is not a barrier.

What happens after the debrief?

Nothing, unless you want it to. We may follow up once to see if you have questions, but there is no sales pressure. If you want help remediating findings, we can discuss options. If not, we’re glad we could help.