Authorization & Consent Agreement

Last updated: March 3, 2026

This Authorization and Consent Agreement ("Agreement") establishes the terms under which you authorize Vuln0x, operated by Solustiq Yazilim ve Yapay Zeka Teknolojileri A.S., to perform security scanning on your designated systems.

1. Authorization Declaration

By verifying a domain and initiating a scan through the Vuln0x platform, you confirm and declare that:

  • "I confirm that I am the owner of the target domain/system, or I have obtained explicit written authorization from the owner to perform security testing."
  • You have the legal authority to authorize security testing on the specified target.
  • Your authorization extends to all scan types and modules selected.
  • You understand the nature and scope of the security testing being performed.

2. Scan Scope

Vuln0x performs security assessments that may include the following activities depending on the scan type selected:

2.1 Passive Scanning

  • HTTP header analysis and security header verification.
  • SSL/TLS certificate validation and configuration review.
  • DNS record analysis.
  • Technology stack detection.
  • Cookie security assessment.
  • CORS policy evaluation.

2.2 Active Scanning

  • Port scanning and service enumeration.
  • Vulnerability detection (OWASP Top 10 and beyond).
  • Authentication and session management testing.
  • Authorization and access control testing.
  • Input validation and injection testing (SQL, XSS, etc.).
  • Application logic vulnerability assessment.
  • Infrastructure security evaluation.

Note: Active scanning sends requests to your target system that may appear in server logs and could potentially trigger security alerts from your hosting provider or WAF (Web Application Firewall).

3. Your Responsibilities

As the authorizing party, you are responsible for:

  • Hosting Provider Notification: Informing your hosting provider, cloud provider, and/or network administrator that authorized security testing will be performed on your systems. Many providers (AWS, GCP, Azure, etc.) require prior notification or approval for penetration testing activities.
  • WAF and Security Tool Configuration: Ensuring that Vuln0x scanning traffic is not blocked by your security tools if you want complete scan coverage, or accepting that some findings may be limited by active defenses.
  • Scope Accuracy: Ensuring that the domains and URLs you submit for scanning are accurate and within your authorized scope.
  • Third-Party Authorization: If scanning systems owned by a third party, maintaining valid written authorization documentation and providing it to Vuln0x upon request.
  • Compliance: Ensuring that authorized security testing complies with all applicable local, national, and international laws and regulations.

4. Consent Logging

All authorization events are timestamped and logged by Vuln0x, including:

  • Domain verification date and method.
  • Scan initiation timestamp and user account.
  • Scan type and configuration parameters.
  • Target URL and resolved IP addresses.
  • Scan completion timestamp and status.

These logs serve as evidence of authorization and are retained for the duration of your account and for 90 days following account deletion.

5. Withdrawal of Consent

You may withdraw authorization at any time by:

  • Removing the domain from your verified domains list in Vuln0x.
  • Cancelling any active or scheduled scans for the domain.
  • Contacting us at support@vuln0x.com to request immediate cessation of all scanning activities.

6. Disclaimer

Vuln0x does not guarantee that security scans will identify all vulnerabilities. Scans are performed on a best-effort basis using automated tools and techniques. False positives and false negatives may occur. You remain solely responsible for the overall security of your systems.

7. Contact

For questions about this Agreement, contact us at legal@vuln0x.com.