Terms
These terms describe the basic rules for the VefaSec client panel, package selection, website ownership verification, measurement scope and report delivery flow.
Last updated: May 17, 2026
VefaSec may only be used for websites and systems you own or are explicitly authorized to test.
DNS/meta verification, phone verification and scope declarations may be required to reduce unauthorized measurement risk.
Third-party systems, shared infrastructure, non-customer domains or assets without written authorization are out of scope.
Starter Package is designed for safe scanning with 30+ tools, finding validation and reporting.
Professional Package may include higher-risk validation tools and controlled exploitation attempts only where the customer explicitly approves them.
Enterprise scopes, recurring measurement, custom targets or broader systems require a separate quote and scope approval.
Measurement does not start until payment/commercial approval and scope review are completed after the package request.
Reports are delivered to the client panel. Report links may be time-limited and the access duration set by admin is shown in the client panel.
Report email only confirms that the report is ready in the panel; for security reasons the report URL is not shared directly in email.
The customer confirms that they are authorized for the assets to be measured and that the provided information is accurate.
Higher-risk test permissions are applied only within the customer-approved scope; steps that may affect availability are reviewed separately.
VefaSec provides technical remediation guidance in reports; implementing fixes remains the responsibility of the customer's systems and teams.