Safe by design
Pentu tests your live application, so it's built to be careful. It exercises the app fully — but it will never do the genuinely dangerous things a careless tester might.
Strictly in scope
Every request is confined to your own domain and the backend hosts your app actually talks to. Pentu never touches third-party trackers, CDNs, or unrelated hosts it happens to see, and it won't port-scan a CDN's shared edge IPs — that tells you nothing about your server and violates the provider's rules.
Non-destructive
Pentu uses your app the way a real user would — creating projects, budgets, API keys, and invites, editing them, and deleting the ones it made — because exercising those flows is how it finds bugs. But it draws a hard line at anything genuinely critical or irreversible:
- No real payments or charges.
- No bulk or mass deletion.
- It never deletes or modifies data it didn't create, or that pre-existed the test.
- No real emails, messages, or spam to third parties.
- SQL-injection testing is time-based only: the probe asks the database to pause and measures how much longer the response takes. It never reads, dumps, or changes data.
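The time-based approach in the last bullet is easy to get wrong on a noisy network, so here is an added illustration of the measurement (example code written for this page, not Pentu's implementation). It assumes a hypothetical target reachable through a `request(value)` callable; `fake_endpoint` is a constructed stand-in that simulates a backend which honours an injected MySQL `SLEEP(n)`, and the `time_based_sqli_check` function, thresholds and sample counts are illustrative choices:

```python
import statistics
import time
from typing import Callable

# A request function: sends one request with the given parameter value.
Request = Callable[[str], None]


def fake_endpoint(vulnerable: bool, base_latency: float = 0.01) -> Request:
    """Constructed stand-in for a target, not a real server (assumption for
    this example). If `vulnerable`, it honours an injected SLEEP(n) by sleeping
    n extra seconds, which is exactly the side channel a time-based probe uses."""
    def request(value: str) -> None:
        extra = 0.0
        if vulnerable and "SLEEP(" in value.upper():
            inner = value.upper().split("SLEEP(", 1)[1].split(")", 1)[0]
            extra = float(inner)
        time.sleep(base_latency + extra)
    return request


def median_latency(request: Request, value: str, samples: int) -> float:
    """Median of several timings: a single slow response (GC pause, retransmit)
    should not decide the verdict."""
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        request(value)
        times.append(time.perf_counter() - start)
    return statistics.median(times)


def time_based_sqli_check(request: Request, delay: float = 0.5, samples: int = 3) -> dict:
    """Time-based SQL injection check. The payload only asks the database to
    pause; it selects, updates and deletes nothing, so a positive result shows
    the injection exists without touching data. Two different delays must both
    show up, in proportion, before anything is reported: that rules out a
    noisy link or a target that is simply slow under load."""
    baseline = median_latency(request, "1", samples)
    extra_delay = {}
    for d in (delay, 2 * delay):
        # MySQL syntax; other engines use pg_sleep()/WAITFOR DELAY (not shown here).
        payload = f"1' AND SLEEP({d})-- "
        extra_delay[d] = median_latency(request, payload, samples) - baseline
    # Each injected pause must account for at least half of what was requested.
    confirmed = all(observed >= 0.5 * d for d, observed in extra_delay.items())
    return {"vulnerable": confirmed, "baseline": baseline, "extra_delay": extra_delay}


if __name__ == "__main__":
    print(time_based_sqli_check(fake_endpoint(vulnerable=True), delay=0.2))
    print(time_based_sqli_check(fake_endpoint(vulnerable=False), delay=0.2))
```

The two-delay confirmation is the caveat that matters in practice: a target whose latency happens to jump during the probe will show a delta on one payload but not a proportional one on the other, and on a real engagement the delay should be chosen well above the target's normal latency jitter.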
Disposable test accounts — with a cleanup guide
To test the authenticated app, Pentu signs up disposable test accounts on a controlled mailbox. Every report includes a "Test data created" section that lists exactly which accounts it created, so you can remove them (and anything they created) in one step. Nothing is left behind quietly.
Human-paced
Requests are rate-limited to look like ordinary user traffic rather than a hammering scanner — gentler on your systems, and more representative of a real attacker.
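The scope rule under "Strictly in scope" and the pacing rule above are both enforcement checks that sit in front of every request, so one added example (written for this page, not Pentu's own code) shows how such a guard can be structured: an allowlist of the customer's domain plus explicitly named backend hosts, a per-host minimum gap between requests, and a client wrapper that refuses anything out of scope before it is sent. The class names, the `send`, `clock` and `sleep` parameters, and all hostnames are assumptions made for the illustration:

```python
import time
from urllib.parse import urlsplit


class ScopePolicy:
    """Allowlist of hosts a scan may contact: the customer's own domain(s),
    including subdomains, plus explicitly listed backend hosts. Anything else
    (trackers, CDNs, hosts seen by chance) is rejected."""

    def __init__(self, own_domains, backend_hosts=()):
        self.own_domains = {d.lower().strip(".") for d in own_domains}
        self.backend_hosts = {h.lower().strip(".") for h in backend_hosts}

    def in_scope(self, url: str) -> bool:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if not host:
            return False
        if host in self.backend_hosts:
            return True
        # Exact match or a real subdomain; "example.com.attacker.net" must not match.
        return any(host == d or host.endswith("." + d) for d in self.own_domains)


class HumanPacer:
    """Enforces a minimum gap between requests to the same host so traffic
    looks like a user clicking through the app rather than a scanner."""

    def __init__(self, min_interval: float = 1.0):
        self.min_interval = min_interval
        self._next_allowed = {}

    def wait_time(self, host: str, now: float) -> float:
        """Seconds to wait before the next request to `host` is allowed."""
        return max(0.0, self._next_allowed.get(host, 0.0) - now)

    def record(self, host: str, now: float) -> None:
        self._next_allowed[host] = now + self.min_interval


class GuardedClient:
    """Wraps a raw send(url) callable with the scope check and the pacer.
    Out-of-scope URLs are refused (returned as None and recorded for the
    report); in-scope ones are delayed as needed. `clock` and `sleep` are
    injectable so the behaviour can be tested without real waiting."""

    def __init__(self, policy, pacer, send, clock=time.monotonic, sleep=time.sleep):
        self.policy, self.pacer, self.send = policy, pacer, send
        self.clock, self.sleep = clock, sleep
        self.refused = []

    def request(self, url: str):
        if not self.policy.in_scope(url):
            self.refused.append(url)  # logged, never sent
            return None
        host = urlsplit(url).hostname.lower()
        delay = self.pacer.wait_time(host, self.clock())
        if delay > 0:
            self.sleep(delay)
        self.pacer.record(host, self.clock())
        return self.send(url)


if __name__ == "__main__":
    # Constructed demo: hostnames are placeholders, send() is a stub.
    policy = ScopePolicy(["example.com"], backend_hosts=["api.partner-backend.example"])
    client = GuardedClient(policy, HumanPacer(0.5), send=lambda u: f"sent {u}")
    for url in ("https://app.example.com/login",
                "https://cdn.thirdparty-cdn.net/lib.js",
                "https://app.example.com/projects"):
        print(url, "->", client.request(url))
    print("refused:", client.refused)
```

Keeping the refusal list lets the report show exactly which hosts were seen but never contacted, which is the kind of evidence an operator or a provider will ask for if a scan is ever questioned.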
Authorized testing only
Pentu is for testing applications you own or are explicitly authorized to test. Scans are consent-based, scoped to your verified targets, and everything the tester did is recorded in the report's transcript, so there's a full, honest account of the engagement.