Question 1

How much does it cost?

Accepted Answer

The initial vulnerability scan is free for YC companies. This includes a comprehensive audit and initial findings report.

For ongoing protection, continuous monitoring, and automated patching tailored to your codebase and team requirements, book a call to get a quote.

Question 2

How long does the initial scan take?

Accepted Answer

Typically within hours. Unlike human penetration tests that can take weeks to schedule and execute, our autonomous agents start mapping your attack surface immediately after integration. You'll receive your first actionable kill chain report the same day.

Question 3

How is this different from a bug bounty?

Accepted Answer

Consistency and coverage. Bug bounties rely on disparate researchers with varying skill levels looking at random parts of your system. Winfunc provides a systematic, exhaustive siege of your entire codebase. We don't just find bugs; we map complete attack paths that combine multiple minor flaws into critical exploits.

Question 4

Are the reports compliance-ready?

Accepted Answer

Yes. Our reports provide the detailed artifacts required for SOC 2, ISO 27001, and HIPAA compliance audits. We document the methodology, findings, and remediation evidence, giving auditors the technical proof they need to validate your security posture.

Question 5

What type of issues does the agent catch?

Accepted Answer

Beyond standard OWASP Top 10 vulnerabilities like SQLi, XSS, and SSRF, winfunc specializes in complex business logic flaws. We catch race conditions, unauthorized fund transfers, privilege escalation via API parameter tampering, and multi-step authentication bypasses.

Question 6

What languages does winfunc support?

Accepted Answer

Winfunc adopts a combination of on-the-fly generated tree-sitter queries, plug-and-play language servers (LSP), and LLM-powered analysis for ingesting codebase context with 100% accuracy. The team has worked on the problem of "codebase comprehension" for more than a year. Winfunc supports all major programming languages, including Haskell, Elixir, Clojure, Lua, and niche languages like Arc.

Question 7

How does winfunc guarantee zero false positives?

Accepted Answer

Traditional scanners rely on regex or shallow AST matching, leading to noise. Winfunc uses a formal verification engine that mathematically proves the existence of a vulnerability. For every finding, we generate an executable Proof-of-Concept (PoC) script that reproduces the exploit in your specific environment. If we can't exploit it, we don't report it.

Question 8

Do you have SOC 2 certification?

Accepted Answer

Yes, we are SOC 2 certified. You can view our security posture and compliance details at our Trust Center.

GET HACKEDBEFORE THE BAD GUYS DO

HTTP/2 upstream frame injection via oversized proxy_set_body (CVE-2026-42926)

stream accepts revoked client certificates despite ssl_ocsp on (CVE-2026-28755)

SCGI unbuffered mode sent truncated CONTENT_LENGTH causing backend desync

WebDAV COPY/MOVE path overlap corrupts files and collections

RSC reply decoder DoS via $K FormData amplification (CVE-2026-23864)

Permission model bypass via unchecked Unix Domain Socket connections (CVE-2026-21636)

Authentication bypass on FastMCP custom routes

SQL Injection via queueName in getDatabaseQueuesMetrics

Exponential merge keys in Bun's YAML implementation leads to DoS

0-click Account Takeover and Admin Operations via helper endpoint authorization bypass

mmctl terminal escape injection via unsanitized server-controlled output (CVE-2026-3108)

Zip bomb memory exhaustion in recursive document extraction (CVE-2026-3114)

Group member IDs leaked because GetGroup bypassed view restrictions (CVE-2026-3115)

mmctl export downloads created world-readable local files (CVE-2026-3113)

Private channel enumeration through /mute error messages (CVE-2026-21386)

Oversized password login DoS in legacy password comparison (CVE-2026-24458)

User-Agent version parser panic during session creation (CVE-2026-25783)

SSRF protection bypass via IPv4-mapped IPv6 literals (CVE-2026-2455)

Multi-session sign-out hook allows forged cookies to revoke arbitrary sessions

HTTP/1.1 CL.TE request smuggling in actix-http (GHSA-xhj4-vrgc-hr34)

Hoppscotch CLI sandbox escape through Node vm pre-request scripts (CVE-2024-34347)

the winfunc procedure

Initiate Contact

Define The Target

Vulnerabilities & Patches

Frequently
Asked
Questions

ship secure code.