General Platform Questions
What is MindFort?
What is MindFort?
MindFort is a red team security platform that provides advanced penetration testing for web applications. Unlike traditional vulnerability scanners, MindFort simulates real-world attack techniques and provides proof-of-concept exploits to demonstrate actual business risk.
How is red team testing different from regular vulnerability scanning?
How is red team testing different from regular vulnerability scanning?
Traditional Scanning:
- Identifies potential vulnerabilities
- Reports theoretical risks
- May include false positives
- Limited context on exploitability
- Actually exploits discovered vulnerabilities
- Provides concrete proof-of-concept evidence
- Demonstrates real business impact
- Shows how vulnerabilities can be chained together
Coming Soon: MindFort will also offer runtime vulnerability scanning and static code analysis to complement red team assessments.
Do I need special permissions to test my applications?
Do I need special permissions to test my applications?
Requirements:
- You must own or have explicit permission to test the target applications
- Ensure legal authorization for penetration testing
- Consider notifying relevant teams (IT, Security, Legal) before testing
- Some organizations require formal authorization for security testing
Only test applications you own or have written permission to assess. Unauthorized testing may violate laws and terms of service.
Assessment Questions
How long do assessments typically take?
How long do assessments typically take?
Turbo Method:
- Duration: Minutes to under an hour
- Coverage: Focused on common vulnerabilities
- Best for: Regular monitoring, CI/CD integration
- Credit usage: Lower
- Duration: Several hours for comprehensive testing
- Coverage: Thorough analysis including complex attack chains
- Best for: Quarterly assessments, compliance requirements
- Credit usage: Higher
Can I cancel a running assessment?
Can I cancel a running assessment?
Yes, you can cancel assessments at any time:
- Go to Active Assessments
- Locate the running assessment
- Click Cancel
- The system will stop at the next safe checkpoint
What happens if my assessment finds no vulnerabilities?
What happens if my assessment finds no vulnerabilities?
This could indicate:
- Well-secured application (congratulations!)
- Limited testing scope - consider adding authentication
- Firewall blocking - ensure MindFort IPs are whitelisted
- Configuration issues - verify target URL and accessibility
- Try authenticated scanning with stored credentials
- Use Deep method for more comprehensive testing
- Verify target configuration and accessibility
- Consider this good news - your security measures are working!
Do you test private GitHub repositories?
Do you test private GitHub repositories?
Currently, MindFort focuses on red team assessments of live web applications.
Coming Soon: Static code analysis for private GitHub repositories will be available in future releases through our integrations.
Target and Configuration Questions
What is a 'target' in MindFort?
What is a 'target' in MindFort?
A target is a web application or domain that you want to assess for security vulnerabilities. Examples include:
- Production websites (https://yourapp.com)
- Staging environments
- API endpoints
- Web applications with authentication
Why can't I select my target when starting an assessment?
Why can't I select my target when starting an assessment?
Common Causes:
- Target not verified: Check target status in Settings > Targets
- Page needs refresh: Reload the New Assessment page
- Access permissions: Verify you have access to this target
- Target configuration: Ensure target URL is correct and accessible
Should I add authentication credentials to my targets?
Should I add authentication credentials to my targets?
Strongly Recommended for comprehensive testing:Benefits of Authentication:
- Test authenticated areas and user-specific functionality
- Discover vulnerabilities in protected sections
- Assess authorization and access control issues
- Get more comprehensive security coverage
- Use dedicated test accounts, not personal credentials
- Ensure test accounts have appropriate permissions
- Rotate credentials regularly
- Document credential purposes and limitations
Findings and Remediation Questions
What does 'exploitability' mean?
What does 'exploitability' mean?
Exploitability indicates how likely an attacker can use the vulnerability in practice:
- Exploitable: Confirmed working exploit, represents immediate business risk
- Potentially Exploitable: May be exploitable based on your specific configuration
- Non-Exploitable: Detected but unlikely to be abused in real-world scenarios
- N/A: Not applicable or exploitability couldn’t be determined
How should I prioritize fixing vulnerabilities?
How should I prioritize fixing vulnerabilities?
Recommended Priority Order:
- Critical + Exploitable: Emergency response required
- High + Exploitable: Address in current sprint
- Critical/High + Potentially Exploitable: Analyze and address promptly
- Medium + Exploitable: Include in next development cycle
- All other findings: Address during regular maintenance
Can MindFort help fix the vulnerabilities?
Can MindFort help fix the vulnerabilities?
Automated Assistance:
- Remediation Guidance: Specific steps to address each finding
- Code Patches: Downloadable fixes for supported vulnerability types
- Configuration Advice: Infrastructure and application setting changes
- Best Practices: Prevent similar issues in the future
- Retest Feature: Re-verify fixes after implementation
- Progress Tracking: Monitor remediation efforts over time
- Evidence: Confirm vulnerabilities are properly resolved
What if I think a finding is a false positive?
What if I think a finding is a false positive?
Review Process:
- Examine Evidence: Check proof-of-concept and exploitation screenshots
- Team Discussion: Use comments to collaborate on finding validity
- Vote on Findings: Team consensus on false positive status
- Archive if Appropriate: Remove from active list while maintaining record
- Contact Support: For complex cases, use in-app chat for expert review
Billing and Plans Questions
How does credit usage work?
How does credit usage work?
Credit Consumption Factors:
- Assessment Method: Deep uses more credits than Turbo
- Target Complexity: Larger applications require more resources
- Authentication Depth: Authenticated scans consume additional credits
- Findings Processing: Exploitation and evidence generation use credits
- Monitor usage in the Billing section
- Upgrade plan or purchase add-ons as needed
- Receive warnings before exceeding available credits
What's the difference between subscription plans?
What's the difference between subscription plans?
Plan Features Typically Include:
- Monthly Credit Allocation: Amount of testing you can perform
- Target Limits: How many applications you can configure
- User Seats: Number of team members with access
- Advanced Features: Scheduling, retesting, integrations
- Support Level: Response time and support channels
Contact your organization administrator or check the Billing section for specific plan details and upgrade options.
Can I purchase additional credits or targets?
Can I purchase additional credits or targets?
Yes, most plans offer add-on purchases:
- Extra Credits: For additional assessment capacity
- Additional Targets: When you need to test more applications
- Premium Features: Advanced capabilities like scheduling or integrations
What are target slots and why do I need them?
What are target slots and why do I need them?
Target Slots Purpose:
- Assessment Concurrency: Control simultaneous assessment execution
- Vulnerability Storage: Maintain historical records for each target
- Team Organization: Support multiple applications and development teams
- Single Application: One slot sufficient for individual web applications
- Multiple Apps/Teams: Separate slots recommended for different applications
- Running Out: Contact support to purchase additional slots rather than losing vulnerability history
User Management & Roles
How do user roles work in MindFort?
How do user roles work in MindFort?
Administrator Role:
- Billing Access: View and modify subscription, credits, and payment methods
- Team Management: Invite users, change roles, remove team members
- Target Management: Add, configure, and delete targets
- Full Platform Access: All assessment and reporting capabilities
- Credit Visibility: Monitor credit usage and balance
- Assessment Execution: Start new red team assessments
- Results Review: View findings, vulnerability details, and reports
- Limited Configuration: Cannot modify billing, invite users, or manage targets
- No Financial Access: Cannot see credit balance or billing information
How do I invite team members?
How do I invite team members?
Admin Requirements: Only administrators can invite new team members.Invitation Process:
- Navigate to team management settings (admin access required)
- Click “Invite User” or similar option
- Enter email address of team member to invite
- Select appropriate role (Admin or Regular User)
- Send invitation - user will receive email with setup instructions
Can I change user roles after invitation?
Can I change user roles after invitation?
Yes, administrators can modify user roles:
- Promote to Admin: Grant billing and team management access
- Demote to Regular User: Remove administrative privileges
- Remove Users: Delete team members who no longer need access
Technical Questions
What IP addresses does MindFort use for scanning?
What IP addresses does MindFort use for scanning?
Current MindFort IP Addresses:
- 54.201.16.113
- 54.245.116.141
- 44.241.142.189
- Add these IP addresses to your firewall/WAF allowlist
- Ensure both HTTP (port 80) and HTTPS (port 443) traffic is permitted
- Go to Settings > WAF Configuration for the most current list
- Use the platform’s “Copy All” feature for easy configuration
Important: IP addresses may change occasionally. Always check Settings > WAF Configuration in the platform for the most current list.
How do you handle sensitive data during assessments?
How do you handle sensitive data during assessments?
Security Measures:
- Encryption: All data transmission uses TLS encryption
- Access Control: Strict access controls on assessment data
- Data Retention: Findings and evidence stored securely with controlled retention
- Compliance: Platform designed with security and privacy best practices
- Only test applications you own or have permission to assess
- Be aware of what sensitive data might be present in target applications
- Follow your organization’s data classification and handling policies
Can I integrate MindFort with my CI/CD pipeline?
Can I integrate MindFort with my CI/CD pipeline?
API Integration: Yes, MindFort provides REST API access for automation:
- Start assessments programmatically
- Retrieve findings and results
- Integrate security testing into deployment workflows
- Automate report generation
Support Questions
How do I get help if I'm stuck?
How do I get help if I'm stuck?
In-App Chat:
- Located in bottom right corner of the platform
- Real-time support during business hours
- Best for immediate assistance with specific issues
- support@mindfort.ai
- Detailed questions and non-urgent issues
- Include screenshots and detailed descriptions
- Chat: Real-time during business hours
- Email: 2-4 hours during business hours
- Complex issues may require 24-48 hours
What information should I include in support requests?
What information should I include in support requests?
Helpful Details:
- Organization name and your email address
- Specific error messages or unexpected behavior
- Steps to reproduce the issue
- Screenshots of problems or error screens
- Target names or assessment IDs when relevant
- Browser type and version for UI issues
- What you were trying to accomplish
Can I request new features or provide feedback?
Can I request new features or provide feedback?
Feedback Channels:
- In-App Chat: Discuss feature requests with support team
- Email: Send detailed feature proposals to support@mindfort.ai
- User Feedback: Platform may include feedback mechanisms
- Common requests are prioritized for development
- Security-focused enhancements are especially welcomed
- Integration requests help shape platform roadmap
Getting Started Tips
What should I do first as a new user?
What should I do first as a new user?
Recommended First Steps:
1
Add Your First Target
Configure a web application in Settings > Targets
2
Verify Target Access
Ensure target shows as verified and accessible
3
Start with Turbo Assessment
Run a quick assessment to understand the platform
4
Review Findings
Explore the vulnerabilities interface and finding details
5
Generate a Report
Create your first security report for stakeholders
How often should I run assessments?
How often should I run assessments?
Recommended Frequency:
- Production Systems: Monthly deep assessments
- Active Development: Weekly turbo assessments during development cycles
- After Major Changes: Assessment following significant updates or releases
- Compliance Requirements: Based on your industry standards and regulations
What makes a good test target?
What makes a good test target?
Ideal Characteristics:
- Representative: Reflects your actual production environment
- Accessible: Reachable from external networks (as attackers would see it)
- Complete: Includes authentication and main application functionality
- Stable: Not frequently changing during assessment periods
- Authorized: You have explicit permission to test
Remember, MindFort is designed to help you improve your security posture through realistic attack simulation. The findings and evidence provided represent real risks that need attention to protect your business and users.