Product Knowledge Base

Everything you need to get the most out of the Lorikeet Security platform, from kicking off your first pentest to monitoring your entire attack surface.

Getting Access

Lorikeet Security operates two client portals. One account accesses both.

  1. Sign up at /ptaas/signup

    Use a corporate email. Free providers (Gmail, Yahoo, etc.) are not accepted.

  2. Verify your email

    Check your inbox for the verification link. Expires in 24 hours.

  3. Log in to your chosen portal

    Use the portal toggle on the login page to switch between PTaaS and ASM.

  4. Choose a plan or activate a demo

    Demo accounts can be activated instantly with a code from the pricing page.

Demo access: Contact us at lorikeetsecurity.com/contact to get a demo code and explore the platform immediately.

Portals at a Glance

PTaaS Client Dashboard

Track active engagements, view findings in real time, manage assets, collaborate with your team, and download deliverables.

ASM Portal

Continuously monitor your external attack surface. Automated subdomain discovery, security checks, and AI-enriched findings running 24/7.

| | PTaaS Portal | ASM Portal |
|---|---|---|
| Purpose | Managed pentest engagements | Continuous attack surface monitoring |
| Testing | Human-led, expert pentests | Automated, continuous scans |
| Findings | Curated by pentest team | AI-enriched + KB-linked |
| URL | /ptaas/login?portal=dashboard | /ptaas/login?portal=asm |
| Integrations | Slack, Jira, Teams, Discord, SMS, GitHub, GitLab, Azure DevOps, Webhooks + 20 more coming soon | Webhooks, Slack, SMS |

PTaaS Portal

Client Dashboard Overview

Your command center for all active and historical pentest engagements.

The PTaaS portal gives your team full visibility into every pentest Lorikeet Security runs. Track project status, review findings in real time, mark remediations, communicate with the team, and download final reports without waiting for email updates.

Project Tracking

See exactly where each engagement is in the workflow, from scoping to remediation.

Live Findings

Findings appear in your dashboard as they are confirmed during the engagement.

Team Collaboration

Invite developers, security leads, and managers to your workspace.

Reports

Download final PDF reports, evidence packages, and compliance letters.

Projects

A Project represents a single scoped pentest engagement with a type, timeline, assets, and findings attached.

Project Lifecycle

  1. Contracting

    Scope agreed, SOW being finalized.

  2. Actively Pentesting

    The Lorikeet team is live in your environment.

  3. Remediation

    Findings delivered; your team is fixing vulnerabilities.

  4. Retest

    The team verifies your fixes.

  5. Completed

    Final report issued. Project archived.

Project Types

| Type | Description |
|---|---|
| webapp | Web application penetration test |
| api | REST / GraphQL / SOAP API security assessment |
| mobile | iOS or Android mobile app pentest |
| cloud | AWS, Azure, or GCP configuration review |
| activedirectory | Active Directory / Entra ID assessment |
| redteam | Full red team simulation |
| soc2 | SOC 2 readiness penetration test |
| pcidss | PCI DSS scoped assessment |
| thickclient | Desktop / thick client application |
| iot | IoT / embedded device testing |
| hardware | Hardware and firmware security |
| physical | Physical security assessment |

Assets

Assets define the scope of your engagement: what the pentest team is authorized to test.

Testing Types

| Type | What the Tester Knows | Best For |
|---|---|---|
| Black-box | Nothing; acts as an external attacker | External threat simulation |
| Grey-box | Some credentials, docs, or architecture diagrams | Most engagements; balanced depth + realism |
| White-box | Full source code, credentials, infra access | Deep code-level review |

The Additional Information field is read by your pentest team. Include staging credentials, test accounts, exclusions, and tech stack details.

Findings

Severity Levels

| Severity | CVSS | What It Means | Typical SLA |
|---|---|---|---|
| Critical | 9.0–10.0 | Immediate exploitation risk. Full compromise likely. | 48 hours |
| High | 7.0–8.9 | High impact. May require chaining but very realistic. | 7 days |
| Medium | 4.0–6.9 | Requires prerequisites but is a material risk. | 30 days |
| Low | 0.1–3.9 | Minimal direct impact. Defense-in-depth value. | 90 days |
| Info | 0.0 | Informational observations. | No SLA |

Finding Statuses

  • Open: Confirmed, not yet remediated
  • Ready for Retest: Fixed by your team; awaiting verification
  • Remediated: Fix verified by Lorikeet
  • Accepted Risk: Formally accepted by your organization
  • False Positive: Removed after further analysis

To request retest: click Mark Ready for Retest on the finding detail page. The Lorikeet team verifies and updates the status within the agreed retest window.

Reports & Deliverables

  • Executive Summary: Business-level risk overview for leadership and board communication
  • Technical Report: Full findings with reproduction steps, evidence, and remediation
  • Evidence Package: Raw HTTP requests/responses, screenshots, and PoC files
  • Retest Attestation: Issued after Critical and High findings are verified remediated
  • Compliance Letter: Where applicable (SOC 2, PCI DSS, ISO 27001)

Raw findings can be exported via the API for GRC tools and ticketing systems. See the Developer Docs.

Team Management

  1. Settings → Organization

    Only the account owner or admins can invite members.

  2. Enter the team member's email

    Must match your company domain.

  3. They receive an invite email

    Invites expire after 72 hours. You can resend from the pending list.

  4. Member accepts and sets a password

    Automatically added to your company workspace.

Billing

Lorikeet Security uses Stripe for payments, managed from Settings → Billing.

  • All major credit cards accepted
  • Invoice-based billing for enterprise accounts
  • Invoices sent to your registered email automatically
  • Receipts and history downloadable from the billing portal

For custom payment terms, PO-based billing, or multi-engagement pricing, contact [email protected].

Full Engagement Workflow

  1. Sign up and create a project

    Select your project type and add assets.

  2. Scope call with the team

    A Lorikeet engineer confirms the testing approach. Project moves to Contracting.

  3. SOW signed, engagement scheduled

    You receive a start date and a dedicated point of contact.

  4. Active testing

    Findings appear live in your dashboard as they are confirmed.

  5. Findings delivered

    Project moves to Remediation. Mark fixed items as ready for retest.

  6. Retest

    The Lorikeet team verifies all critical/high findings.

  7. Final report

    Full PDF report available in the portal. Attestation letter issued.

ASM Portal

Attack Surface Management Overview

Continuous, automated external attack surface monitoring for your domains.

The ASM portal runs ongoing security scans against your registered domains, alerting you when new subdomains appear, misconfigurations emerge, or vulnerable services are exposed.

Subdomain Enumeration

Automated discovery of all subdomains belonging to your registered domains, including shadow IT.

Security Checks

Each discovered host is checked for open ports, TLS issues, security headers, exposed services, and more.

AI Enrichment

Findings are enriched with AI-generated context, attack scenarios, and remediation from a curated KB.

Visual Screenshots

Each discovered web asset is automatically screenshotted so you can see what's exposed.

Domain Management

Add root domains you own. The scanner discovers and monitors all subdomains automatically.

  1. ASM → Domains → Add Domain

    Enter your root domain (e.g. example.com).

  2. Verify ownership (some plans)

    Add a DNS TXT record to confirm ownership.

  3. Domain is monitored continuously

    Scans run on schedule. Manual scans can be triggered anytime.

Only add domains you own or have written authorization to test. The scanner performs active reconnaissance.

Domain Limits by Plan

| Plan | Domains | Scan Frequency | Findings History |
|---|---|---|---|
| Personal | 1 | Weekly | 30 days |
| Professional | 5 | Daily | 90 days |
| Company | Unlimited | Continuous | Unlimited |

Scan Jobs

  1. Phase 1: Subdomain Enumeration

    DNS enumeration, certificate transparency logs, and brute-force wordlists.

  2. Phase 2: Security Checks

    Open ports, TLS/SSL config, HTTP headers, admin panels, subdomain takeover risk, and more.

  3. Phase 3: AI Enrichment + Screenshots

    Findings enriched with KB context, attack scenarios, and remediation. Screenshots captured.

| Status | Meaning |
|---|---|
| Pending | Queued, waiting to start |
| Running | Actively scanning; progress shown in real time |
| Completed | Scan finished; findings available |
| Failed | Fatal error; retry or contact support |

ASM Findings

  • TLS/SSL: Expired certificates, weak ciphers, missing HSTS
  • Security Headers: Missing CSP, X-Frame-Options, CORP, etc.
  • Exposed Services: Admin panels, databases, RDP/SSH exposed to the internet
  • Subdomain Takeover: Dangling DNS records pointing to unclaimed cloud resources
  • Open Ports: Unexpected services on non-standard ports
  • Outdated Software: Detected versions with known CVEs
  • Misconfiguration: Public S3 buckets, exposed environment files

Each finding includes an AI Chat assistant: ask "How do I fix this in nginx?", "What's the CVSS score?", or "What's the real-world impact?" and get contextual answers grounded in your specific finding.

Vulnerability Knowledge Base

ASM findings are enriched against nearly 2,000 KB entries sourced from:

  • OWASP ASVS: Application Security Verification Standard
  • OWASP WSTG: Web Security Testing Guide
  • OWASP Top 10: Most critical web application risks
  • MITRE CWE: Common Weakness Enumeration
  • MITRE CAPEC: Common Attack Pattern Enumeration

Plans & Limits

ASM is available as a standalone subscription. See /asm#pricing for current pricing.

Enterprise plans with custom scan frequency and API-first access are available. Contact [email protected].

Lory AI Assistant

Your AI-powered cybersecurity guide, available on every page.

Lory is Lorikeet Security's AI assistant, trained on our full service catalog, pricing, methodology, and a knowledge base of nearly 2,000 vulnerability entries from OWASP, MITRE, and industry frameworks. Lory helps visitors understand cybersecurity concepts in plain English, find the right service, compare pricing, and navigate the platform. In the authenticated portal, Lory has live access to your projects, findings, and assets for personalized security guidance.

Conversational Chat

Ask questions in everyday language. Lory translates security jargon into plain English with streaming responses.

Knowledge Base Backed

Responses grounded in OWASP Top 10, ASVS, WSTG, MITRE CWE, and MITRE CAPEC data.

Voice Input & Output

Speak your questions and listen to Lory's responses with ElevenLabs-powered natural speech.

Pricing Guidance

Get instant pricing estimates and service recommendations tailored to your needs.

Charts & Reports

Visualize your findings data with interactive charts and generate printable security reports.

Book Meetings & Invoices

Schedule Teams meetings, generate Stripe invoices, or connect with a team member, all from the chat.

Lory AI

Response Types

Lory replies with structured content blocks for a richer experience than plain text.

| Block Type | Description | Example Use |
|---|---|---|
| Text | Plain-language explanation | Answering "What is a pentest?" |
| List | Bullet-pointed items | Listing compliance frameworks |
| Pricing Card | Service name, price, timeline, and description | Showing web app pentest pricing |
| Link Card | Linked resource with title and description | Linking a relevant blog post |
| Table | Comparison data in rows and columns | Comparing service packages |
| Chart | Interactive chart (doughnut, bar, pie) | Severity breakdown of findings |
| Report | Printable security summary with sections | Executive overview of security posture |
| Invoice | Stripe invoice for immediate payment | Paying for a web app pentest |
| Booking | Schedule a Microsoft Teams consultation | Booking a free 30-minute call |
| Handoff | Connect with a human team member now | Urgent question about active engagement |
| Call to Action | Button linking to a next step | "View My Projects" |

Try it now: Visit lorikeetsecurity.com/lory to chat with Lory, or use the chat widget in the bottom-right corner of any page.

Where to Find Lory

  • Dedicated page: /lory, for a full-screen chat experience with voice input and output
  • Widget: The floating chat bubble on every page of the website
  • Dashboard: Authenticated Lory inside the PTaaS and ASM portals with live access to your projects, findings, and assets

Lory does not store conversations between sessions. The authenticated dashboard version has access to your live project data, findings, and assets. For sensitive questions beyond that, contact your assigned tester directly.

Integrations

Connect Lorikeet Security to your existing toolchain from Dashboard → Marketplace. We support 30+ integrations across 9 categories. View the full marketplace.

Notifications & Alerting

Slack

Real-time alerts for new findings, scan completions, and retest updates.

Microsoft Teams

Adaptive Card alerts delivered to any Teams channel.

Discord

Rich embed security alerts for teams living in Discord.

SMS

Critical finding alerts delivered directly to your phone via Twilio SMS.

Custom Webhooks

Push any event to any HTTPS endpoint with HMAC signature support.

Project Management & Ticketing

Jira

Auto-create Jira issues from findings with severity-to-priority mapping.

Azure DevOps

Create work items in Azure DevOps Boards from security findings.

Code Repositories

GitHub

Code vulnerability scanning, secret detection, and dependency analysis.

GitLab

Repository scanning, issue creation, and CI/CD pipeline integration.

Bitbucket

Repository scanning and pull request security analysis.

Coming Soon

We're expanding our marketplace with enterprise-grade integrations across SIEM, compliance, cloud security, CI/CD, and vulnerability management:

Splunk

HEC event forwarding with CEF/LEEF format support.

Drata

Auto-upload pentest evidence for SOC 2 and ISO 27001 compliance.

AWS Security Hub

Push findings in ASFF format for centralized cloud security.

PagerDuty

On-call escalation with automatic incident creation.

ServiceNow

ITSM incident creation with CMDB asset linking.

Tenable / Qualys / Rapid7

Bi-directional sync with vulnerability management platforms.

Request an integration if you don't see your tool listed.

For full webhook payload format and signature verification, see the Developer Documentation.

Webhooks

  • finding.created: New confirmed finding added to a project
  • finding.updated: Finding severity or status changes
  • finding.resolved: Finding marked remediated by the pentest team
  • scan.started / scan.completed: ASM scan job lifecycle
  • asset.discovered: New asset found during ASM enumeration
  • ticket.created / ticket.updated: Support/retest ticket changes
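
One way a receiving endpoint could authenticate these events before acting on them, as an added example that is not Lorikeet Security's code. The signature scheme (hex HMAC-SHA256 over the raw body), the `event` and `severity` field names, and the sample secret are assumptions, because this page defers the real payload format to the Developer Documentation; the due date uses the Typical SLA column of the severity table.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Event names from the list above.
KNOWN_EVENTS = {
    "finding.created", "finding.updated", "finding.resolved",
    "scan.started", "scan.completed", "asset.discovered",
    "ticket.created", "ticket.updated",
}
# "Typical SLA" column of the page's severity table (Info has no SLA).
SLA = {
    "critical": timedelta(hours=48), "high": timedelta(days=7),
    "medium": timedelta(days=30), "low": timedelta(days=90), "info": None,
}


def verify_signature(secret: bytes, raw_body: bytes, signature_hex: str) -> bool:
    """ASSUMPTION: the signature is hex HMAC-SHA256 over the exact bytes received."""
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes operands also tolerate non-ASCII input.
    return hmac.compare_digest(expected.encode(), signature_hex.strip().lower().encode())


def handle_webhook(secret, raw_body, signature_hex, now):
    """Return (http_status, action). Authenticate before parsing the body."""
    if not verify_signature(secret, raw_body, signature_hex):
        return 401, None
    try:
        msg = json.loads(raw_body)
    except ValueError:  # malformed JSON or invalid UTF-8
        return 400, None
    event = msg.get("event") if isinstance(msg, dict) else None  # hypothetical field
    if not isinstance(event, str) or event not in KNOWN_EVENTS:
        return 400, None
    if event == "finding.created":
        window = SLA.get(str(msg.get("severity", "")).lower())  # hypothetical field
        due = (now + window).isoformat() if window else None
        return 200, {"event": event, "due": due}
    return 200, {"event": event}


# Constructed sample delivery: secret, field names and values are made up.
SECRET = b"constructed-shared-secret"
BODY = b'{"event": "finding.created", "severity": "High"}'
GOOD_SIG = hmac.new(SECRET, BODY, hashlib.sha256).hexdigest()
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
```

Verify against the raw request bytes, not a re-serialized JSON object, since any change in whitespace or key order changes the digest.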

FAQ

Can I use both portals with one account?

Yes. One Lorikeet Security account grants access to both. Use the portal toggle on the login page.

How long do findings take to appear after a scan?

PTaaS findings appear in real time. ASM scan jobs complete in 3–10 minutes for small-to-medium attack surfaces.

Can I export findings to CSV or PDF?

PDF export is available from the findings dashboard. JSON/CSV export is available via the API.

What domains can I add to ASM?

Only domains and IP ranges you own or have written authorization to test.

How do I request a retest?

Click Mark Ready for Retest on the finding detail page. The team is notified automatically.

Can I invite my developers?

Yes. From Settings → Organization you can invite any number of team members. All members see the same workspace data.

Contact Support

Last updated: March 2026  ·  Lorikeet Security