Frequently Asked Questions

Most scans complete in under an hour. You'll get results immediately, no waiting days for a report.

No. VulWall is built for teams without security expertise. Every finding comes with a plain-English explanation and step-by-step fix.

Just your domain name. No agents to install, no code changes, no access credentials needed.

We scan for the security issues that matter most: SSL/TLS configuration, exposed ports, security headers, subdomain vulnerabilities, known CVEs, and misconfigurations. Think of it as seeing your infrastructure the way an attacker would.

One domain, monthly scans, and a summary report. Enough to see if VulWall is useful for you.

When you need continuous monitoring, multiple domains, the Security Certificate for customers, or AI-powered remediation guidance. Most teams upgrade when a customer, investor, or a compliance audit asks about security.

Yes. No contracts, no cancellation fees. Cancel from your dashboard whenever you want.

VulWall provides continuous vulnerability monitoring and audit-ready reports, which directly support the technical vulnerability management requirements in SOC 2, ISO 27001, and NIS2. We're not a compliance certification ourselves, but we give you the evidence and documentation that auditors look for. Many teams use VulWall alongside their compliance program.

NIS2 requires organisations to implement continuous vulnerability monitoring, incident reporting, and risk management for their infrastructure. VulWall covers the technical vulnerability monitoring part: automated scanning, audit-ready reports, and a Security Certificate that documents your security posture over time. It won't cover everything NIS2 requires (policies, governance, supply chain risk), but it gives you the continuous monitoring and documentation that auditors will ask for first.

Yes, that's exactly what it's for. Your Certificate is a shareable link that shows your security posture. Send it to procurement, include it in sales decks, or link it from your website.

When a customer, auditor, or partner asks about your security, send them your Certificate instead of scrambling. It shows what you've tested, what you've fixed, and that you monitor continuously. One link, always current.

Yes, securely encrypted in the EU. You own your data and can delete it anytime. See our Privacy Policy for details.

Qualys and Nessus are powerful tools built for security teams with dedicated staff to configure, run, and interpret results. VulWall is built for teams without that expertise: zero configuration, plain-English findings, AI-powered remediation guidance, and a shareable Security Certificate. If you have a full-time security engineer, those tools are great. If you don't, VulWall gets you covered without the learning curve.

Different layers of the stack. Snyk scans your source code, dependencies, and containers inside your CI pipeline. VulWall scans what's visible from the outside: your live infrastructure, exposed services, SSL configuration, security headers, and email security. Snyk catches vulnerable packages before you deploy. VulWall catches what's exposed after you deploy. Many teams use both.

Those tools require security expertise to configure, run, and interpret. VulWall is automated, continuous, and explains everything in plain English. You get actionable results, not raw vulnerability dumps.

For most companies without dedicated security staff, yes, at least for infrastructure vulnerability management. VulWall handles continuous monitoring, AI-powered remediation, and audit-ready reports. For business logic testing and complex security architecture, you'll eventually want human expertise, but VulWall covers the continuous baseline.

Annual pentests are valuable for business logic and application-level testing. But the majority of a typical pentest covers infrastructure checks that can be automated and run continuously. VulWall handles that part for you. When you do commission a pentest, your firm can skip the infrastructure scanning and focus on business logic testing, significantly reducing the scope and cost of the engagement.

That's actually good: you found issues before a customer or attacker did. We prioritize findings and show you exactly what to fix first. Most teams improve their score within a week.

Our scans generate minimal traffic comparable to normal web browsing. There is no meaningful performance impact on your servers or anything your users would notice.

You can mark findings as false positives or accepted risks. We know not every finding applies to every situation. Your Certificate reflects your actual security decisions, not just raw scan output.

Pro users get AI-powered remediation guidance with step-by-step fixes. If you need hands-on help, someone to actually resolve issues for you, contact us for dedicated support options.