SOC 2 Type II

Scalekit: SOC 2 pentest for enterprise B2B authentication

How a B2B SSO and SCIM platform used DeepScan to package auditor-ready SOC 2 pentest evidence for enterprise buyers.

Our enterprise buyers ask for SOC 2 and a recent pentest in the same security review. DeepScan mapped every finding to CC7.1 and CC6.1, and our auditor accepted the report without a single formatting revision.
Head of Security · Scalekit
  • 24h to first validated findings
  • 6d to auditor-ready report
  • 0 formatting revisions requested
  • CC7.1 mapped evidence

Challenge

What needed to be proven

Scalekit needed independent pentest evidence for a SOC 2 Type II review and enterprise customer security packets.

The scope included SSO, SCIM, tenant isolation, admin workflows, and API authorization paths where scanner output would not be enough.

Approach

How DeepScan tested it

DeepScan scoped the web app, API, SAML/OIDC flows, SCIM endpoints, and tenant boundary checks against the SOC 2 system description.

Agentic discovery accelerated coverage, while human operators validated business logic, exploit chains, evidence quality, and report wording.

Results

What changed

The final report mapped validated findings to SOC 2 controls, included reproduction evidence, and gave engineering clear remediation steps.

Scalekit used the report in auditor review and enterprise buyer conversations without reformatting the evidence package.

Services used

  • Web Application Pentest
  • API Pentest
  • SOC 2 / ISO / HIPAA Pentest

Need evidence like this for your audit or deal?

Start self-serve with a target today, or book a DeepScan-led pentest if you need the report delivered for you.

DeepScan delivers agentic pentesting with CyberImmune and CREST Certified partner delivery where required.