How we verify you’re authorised to scan.
AttackEdge only scans targets you own or are expressly authorised to test. The check is built into the product. Here is what happens, what you need on hand, and where to find the longer written authorisation form when the standard flow does not fit.
Why we verify
Scanning live systems without authorisation is a criminal offence under the Australian Cybercrimes Act 2001, the United States Computer Fraud and Abuse Act, the United Kingdom Computer Misuse Act 1990, and equivalent statutes elsewhere. Verification is how we prove authorisation before any scan runs. It protects you, it protects us, and it aligns with standard practice across the security industry.
The in-app step
When you add an asset to your workspace, the app walks you through a short attestation. You confirm that you own the asset, or that you are expressly authorised to test it on behalf of the party that does, and that you accept the acceptable use policy. That confirmation is recorded against your account and against that specific asset.
Once the attestation is recorded, scheduled scans on that asset can run. No DNS records to add, no files to upload. Most customers go from sign-up to the first scan in under sixty seconds.
When the in-app step is not enough
Some cases need a stronger written record. For example:
You are an MSP, agency, or consultant scanning on behalf of a client who manages their own DNS and hosting. You are adding an IP range (/29 or larger) where the asset is not a single web service. Your insurer, your customer, or your auditor wants a signed authorisation on file before you commission the scan.
For any of these, complete the scan authorisation form. It is a short document you sign electronically. We review it manually, usually within one business day, and confirm by email that scans against the listed assets are authorised.
What happens after authorisation is in place
Your scheduled scans start on the cadence you choose. Emerging-threat triggers run against your assets the day a relevant vulnerability is published. The report is delivered to your dashboard and emailed to you on the cycle date. You can track scan status in the app.
Questions
If your situation is unusual, email hello@attackedge.io before subscribing. We would rather help you through authorisation up front than have to refund a scan we could not run.