Remediation Validation

After your team fixes security issues we previously reported, we retest those specific items and confirm whether each fix worked. You receive a clear status per finding: resolved, partially resolved, or still open, with evidence.

  • Per-finding: retest status
  • Evidence: method documented
  • Focused: not a full re-test
  • EUR 450+: starting price excl. VAT

Deliverables

What you actually receive

Every engagement ends with concrete artifacts your team can use. Not slides. Browse sample outputs below.

Validation status register

Per-finding retest outcome: resolved, partial, or still open. Tied to original IDs.

Remediation validation report

2026-03-14 · Retest window

NX-VAL-2026-031 · Sample

5 Resolved · 2 Partial · 1 Open · 88% Complete

8 findings in scope · production environment · fixes deployed 2026-03-12

| ID | Finding | Severity | Status |
|---|---|---|---|
| WEB-014 | Missing security headers | Medium | Resolved |
| WEB-021 | Session fixation on login | High | Resolved |
| PT-007 | SQL injection in search parameter | Critical | Resolved |
| PT-012 | IDOR in orders API | High | Resolved |
| WEB-048 | Weak CSP policy | Medium | Resolved |
| WEB-033 | Verbose error messages on API | Low | Partial |
| WEB-052 | CORS misconfiguration | High | Partial |
| WEB-041 | Password policy not enforced | Medium | Open |

Noctulux · Confidential sample · Page 1 of 14

Practical

What to expect

Who it's for, how we work together, and where we draw the line.

Best for

  • Closing out critical or high findings after a remediation sprint
  • Providing evidence to auditors, customers, or internal risk forums
  • Confirming fixes before a major release or renewal
  • Following up on a penetration test or external rating report

How the engagement runs

  1. Agree finding IDs, target environment, and deployment confirmation from your team
  2. Confirm access and credentials for retest
  3. Focused retest of agreed findings within scope
  4. Status documentation with evidence per finding
  5. Validation report delivery

Honest boundaries

  • Validation covers only the findings and environments agreed in scope
  • Partial fixes may be documented as partially resolved, not upgraded to resolved without evidence
  • A clean validation does not imply no other issues exist outside retested items
  • Timing depends on your confirmation that fixes are deployed in the target environment

Engagement package

What you get. And what you don't.

Fixed outputs and scope, agreed before we start. No surprises afterward.

Remediation validation report or addendum

  • Per-finding status table with evidence references
  • Summary of residual risk for validated items
  • List of items not retested with reason (if any)

Detailed examples are shown in the deliverables section above.

Starting from €450 excl. VAT