Penetration Testing
Autonomous, expert-reviewed security testing that finds what attackers find — before they do. Malachi covers your full attack surface: network infrastructure, cloud environments, web applications, and custom APIs, with first findings delivered within 24 hours.
What’s covered
Infrastructure & Network
Port scanning, service enumeration, CVE identification, TLS/SSL analysis, and exposed remote access services across your entire IP footprint.
Cloud Environments
S3, Azure Blob, and GCP storage exposure checks; IAM role and permission analysis; Kubernetes configurations and container registry access.
Web Application & API Security
Full OWASP Top 10 coverage plus deeper business logic testing: IDOR, JWT weaknesses, mass assignment, rate limiting, and undocumented admin endpoints.
Autonomous Discovery
Subdomain enumeration, passive DNS mapping, and endpoint crawling surface assets you may not know are publicly reachable — forgotten staging servers, shadow IT, and exposed integrations.
Expert-Reviewed Reports
Every finding reviewed by a qualified analyst. CVSS scores, business-impact assessments, and prioritised remediation steps — not a raw dump of alerts. Separate technical and executive-summary versions included.
Compliance-Ready Documentation
Reports structured to satisfy POPIA, ISO 27001, PCI-DSS, and cyber-insurance auditors — documentation your board and insurers will accept without question.
The Platform
Malachi — Scrutinium, Vigilia, Prudentia
Malachi is SoftSol’s autonomous penetration testing platform. It brings enterprise-grade security testing within reach of every South African business.
Security is not a product — it is a discipline. Malachi was built on the conviction that every organisation deserves the same relentless scrutiny that sophisticated attackers apply daily. It does not merely scan: it investigates, combining autonomous tooling with human expertise to surface what automated platforms miss and deliver clarity where others deliver noise.
Scrutinium
Thorough investigation of every attack surface — infrastructure, cloud, web applications, APIs, and business logic — leaving no layer unexamined.
Vigilia
Managed continuous and scheduled scanning — Malachi handles the cadence, alerting, and reporting so your team receives actionable intelligence without running any infrastructure.
Prudentia
Expert wisdom applied to every finding — eliminating false positives, prioritising by real-world risk, and delivering remediation your team can execute immediately.
- •First report delivered within 24 hours of engagement
- •Over 6,500 vulnerability templates covering current CVEs and novel attack patterns
- •All engagements conducted under a signed scope-of-work with explicit authorisation
- •Direct access to the engineers running the platform — no ticket queues, no offshore centres
Ready to test your defences?
Request a free initial assessment or contact SoftSol to discuss the right engagement for your environment.