Scalekit: SOC 2 pentest for enterprise B2B authentication
How a B2B SSO and SCIM platform used DeepScan to package auditor-ready SOC 2 pentest evidence for enterprise buyers.
“Our enterprise buyers ask for SOC 2 and a recent pentest in the same security review. DeepScan mapped every finding to CC7.1 and CC6.1, and our auditor accepted the report without a single formatting revision.”
Challenge
What needed to be proven
Scalekit needed independent pentest evidence for a SOC 2 Type II review and for the security packets its enterprise customers request during procurement.
The scope covered SSO, SCIM, tenant isolation, admin workflows, and API authorization paths, areas where automated scanner output alone would not satisfy an auditor or an enterprise security reviewer.
Approach
How DeepScan tested it
DeepScan scoped the web app, API, SAML/OIDC flows, SCIM endpoints, and tenant boundary checks against the SOC 2 system description.
Agentic discovery accelerated coverage, while human operators validated business logic, exploit chains, evidence quality, and report wording.
Results
What changed
The final report mapped validated findings to SOC 2 controls, included reproduction evidence, and gave engineering clear remediation steps.
Scalekit used the report in auditor review and enterprise buyer conversations without reformatting the evidence package.
Services used
- Web Application Pentest
- API Pentest
- SOC 2 / ISO / HIPAA Pentest
Need evidence like this for your audit or deal?
Start self-serve with a target today, or book a DeepScan-led pentest if you need the report delivered for you.
DeepScan delivers agentic pentesting with CyberImmune and CREST Certified partner delivery where required.