LEAP Security Snapshot

Make your posture provable.

A 9-category passive external scan that grades your domain the way an attacker would survey it. Buy a single Snapshot, subscribe to ongoing drift monitoring, or layer on a Verified / Audited / Certified badge that proves you're maintaining that grade.

Just the Snapshot

No badge. Just the data.

Best for vendor RFPs, board updates, insurance carriers, or quick drift monitoring. No public verification listing — the report is yours to share or keep.

One-time
Priority Snapshot
$49
single charge · no recurrence
  • Submit your domain, scan runs immediately
  • Full letter-graded report in 5–10 minutes
  • Yours to share or keep
  • No subscription, no follow-up nudges
Annual
Snapshot Annual
$290/yr
save $58 vs monthly · ~2 months free
  • Monthly auto-rescans, billed once
  • Same email reports + score-delta tracking
  • Full 12-month snapshot history + trend chart
  • Renews automatically (cancel any time)
  • Aligns with insurance / compliance renewal cycles
Or layer on a Badge

Verified. Audited. Certified.

A public verification page + a badge you can embed on your site (and share with insurance carriers, prospects, your own customers). Re-verified automatically on every monthly scan. A drop below threshold opens a humane grace period — you get an email + days to fix it — before the badge ever hides.

Bronze · Entry
Verified
For anyone scoring ≥ 85. No prerequisites.
$39/mo
billed monthly
To qualify: latest Snapshot scores ≥ 85.
  • Bronze "Verified" badge for your site
  • Public verification page on leaptosolutions.com
  • Drift alert emails when score drops
  • Snapshot history + trend chart
  • Branded PDF report download
  • 14-day grace period before suspension
  • Self-service re-scan (1/day)
Silver · Audit-grade
Audited
For Audit alumni. Score ≥ 90.
$59/mo
billed monthly
To qualify: completed $497 LEAP Audit + latest Snapshot ≥ 90.
  • Everything in Verified
  • Silver "Audited" badge
  • Audit findings dashboard access
  • Snapshot history + diff log (per-category drift)
  • Quarterly written remediation summary
  • 21-day grace period
  • Self-service re-scan (2/day)
Gold · Premier
Certified
For project-completed clients. Score ≥ 93.
$79/mo
billed monthly
To qualify: completed implementation project (any LEAP product) + latest Snapshot ≥ 93.
Included free with Monitor ($397/mo) or Advisory ($797/mo) retainer.
  • Everything in Audited
  • Gold "Certified" badge — top tier
  • Full Snapshot history + annotated milestones
  • 30-day grace period + manual review
  • Quarterly 15-min check-in call with AJ
  • Unlimited re-scan triggers
Coverage · same scan, every plan

9 categories. Layered by attack surface.

Every Snapshot — Standalone, Verified, Audited, or Certified — scores against the same nine signals attackers look for first. Each category produces an actionable finding mapped to a remediation a security pro can price.

01 · Transport
SSL/TLS Encryption
Cipher strength, protocol version, certificate validity, HSTS preload status.
02 · Transport
Email Spoofing Protection
SPF, DKIM, and DMARC published with enforcement policy — your inbox identity.
03 · Transport
Domain & DNS Hardening
DNSSEC, CAA, MTA-STS, TLS-RPT — the controls 95% of small businesses miss.
04 · Application
Browser Security Headers
CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy — XSS & clickjacking defence.
05 · Application
Cookie & Session Security
HttpOnly, Secure, SameSite flags on every cookie your site issues.
06 · Application
Software Version Disclosure
Server headers, framework versions, exposed admin paths that fingerprint your stack.
07 · Content
Subdomain Attack Surface
Every subdomain in public certificate transparency logs — potential entry points.
08 · Reputation
Malware & Blocklist Status
Google Safe Browsing — whether your site triggers a "deceptive site" warning.
Coming Soon
09 · Reputation
Dark Web Breach Exposure
How many of your employees' work emails appear in tracked data breaches.
Real use cases

Where this gets pulled out of the drawer.

Vendor RFPs
Big customer asking about your security posture. Send the Snapshot before they send a SIG-Lite.
Cyber insurance
Carriers increasingly ask for evidence of baseline controls. A scored Snapshot answers half the renewal form.
Board updates
Quarterly board meeting wants a security number. Snapshot gives them a credible letter grade with trend.
M&A due-diligence
Acquirer's diligence checklist starts with "how exposed are they externally?" Hand them a Snapshot.
Already a LEAP customer? Every paid Audit, project build, and retainer includes a complimentary one-time Snapshot. Claim yours →
Frequently asked

Common questions.

What does "passive external" actually mean?
We only read what's already public on the internet — your DNS records, TLS certificate, HTTP response headers, certificate transparency logs, malware blocklists. No login attempts, no internal probing, no exploitation. Same data an attacker can survey in 30 minutes without touching anything that would alert your IT team.
How long does a scan take?
Most checks finish in seconds; SSL Labs takes 60–90s. Total wall time is usually 90s–2min. The full PDF report lands in your inbox within ~5 minutes after that.
What if my badge score drops one month?
Grace period kicks in — you get an email explaining exactly which category dropped and how to fix it. Bronze gets 14 days, Silver 21, Gold 30. Run a fresh scan once you've remediated and the badge returns to active. Suspended is recoverable. Revoked only happens after grace + no recovery.
Can I cancel my subscription?
Yes, any time. Monthly cancels at the end of the current billing cycle. Annual prorates the unused portion. Your badge (if any) stays active for the rest of the paid period, then is quietly removed from the public verification page.
Why are Silver and Gold gated?
Because the badge is only meaningful if it's earned. Anyone can score 85 with a snapshot ($39/mo Verified). Silver says we actually audited your infrastructure ($497 Audit prerequisite). Gold says we built or implemented hardening for you. The gating is what makes the badge worth more than a trust seal.
Can I embed the badge on my site?
Yes — you get an HTML/SVG snippet from your portal. The badge links to a public verification page (/verify.html?badge_id=…) showing your tier, latest score, and re-verification date. Visitors can confirm the badge is real, not just decorative.