WarDek is a complete compliance suite that combines an OWASP vulnerability scanner with NIS2, AI Act and GDPR compliance modules, specially designed for European SMEs.

Is my company subject to NIS2?

The NIS2 directive applies to essential and important entities in sectors such as energy, healthcare, transport, digital, etc. Use our free simulator to check.

How should I use WarDek reports in an audit?

WarDek reports provide a practical working base for your team, auditor, or compliance preparation. They are not an official certification or legal opinion.

How long does a scan take?

A complete OWASP scan typically takes between 2 and 5 minutes depending on the complexity of your website.

Absolutely. We never store your credentials. Reports are encrypted and you can delete them at any time. We are hosted in France.

Can I try before I buy?

Yes! The Free plan lets you test WarDek with 3 scans per month, no credit card required.

const scanResult = await wardek.scan(url)

if (result.severity === "CRITICAL") { alert(result) }

const headers = await checkSecurityHeaders(domain)

const tlsGrade = await validateCertificate(host)

const nis2Score = computeCompliance(assessments)

export async function runTier1Scan(target: string)

const findings = results.filter(r => r.score < 80)

await db.scan.create({ data: { url, score, findings } })

const vulnerabilities = await scanOWASPTop10(url)

if (cors.wildcard && cors.credentials) { flag("CRITICAL") }

const sslExpiry = cert.validTo.getTime() - Date.now()

const aiActRisk = classifyAISystem(systemDescription)

const dnsRecords = await checkSPF_DMARC_DKIM(domain)

const cookies = parseCookieFlags(setCookieHeader)

const xssPayloads = generateFuzzPayloads(endpoint)

const portScan = await nmap.quickScan(host, [80, 443, 8080])

logger.info({ action: "scan-complete", url, score })

return { score, grade, findings, compliance }

const rgpd = await auditDataProcessing(company)

const report = await generatePDFReport(scanId)

const scanResult = await wardek.scan(url)

if (result.severity === "CRITICAL") { alert(result) }

const headers = await checkSecurityHeaders(domain)

const tlsGrade = await validateCertificate(host)

const nis2Score = computeCompliance(assessments)

export async function runTier1Scan(target: string)

const findings = results.filter(r => r.score < 80)

await db.scan.create({ data: { url, score, findings } })

const vulnerabilities = await scanOWASPTop10(url)

if (cors.wildcard && cors.credentials) { flag("CRITICAL") }

const sslExpiry = cert.validTo.getTime() - Date.now()

const aiActRisk = classifyAISystem(systemDescription)

const dnsRecords = await checkSPF_DMARC_DKIM(domain)

const cookies = parseCookieFlags(setCookieHeader)

const xssPayloads = generateFuzzPayloads(endpoint)

const portScan = await nmap.quickScan(host, [80, 443, 8080])

logger.info({ action: "scan-complete", url, score })

return { score, grade, findings, compliance }

const rgpd = await auditDataProcessing(company)

const report = await generatePDFReport(scanId)

const sslExpiry = cert.validTo.getTime() - Date.now()

const aiActRisk = classifyAISystem(systemDescription)

const dnsRecords = await checkSPF_DMARC_DKIM(domain)

const cookies = parseCookieFlags(setCookieHeader)

const xssPayloads = generateFuzzPayloads(endpoint)

const portScan = await nmap.quickScan(host, [80, 443, 8080])

logger.info({ action: "scan-complete", url, score })

return { score, grade, findings, compliance }

const rgpd = await auditDataProcessing(company)

const report = await generatePDFReport(scanId)

const scanResult = await wardek.scan(url)

if (result.severity === "CRITICAL") { alert(result) }

const headers = await checkSecurityHeaders(domain)

const tlsGrade = await validateCertificate(host)

const nis2Score = computeCompliance(assessments)

export async function runTier1Scan(target: string)

const findings = results.filter(r => r.score < 80)

await db.scan.create({ data: { url, score, findings } })

const vulnerabilities = await scanOWASPTop10(url)

if (cors.wildcard && cors.credentials) { flag("CRITICAL") }

const sslExpiry = cert.validTo.getTime() - Date.now()

const aiActRisk = classifyAISystem(systemDescription)

const dnsRecords = await checkSPF_DMARC_DKIM(domain)

const cookies = parseCookieFlags(setCookieHeader)

const xssPayloads = generateFuzzPayloads(endpoint)

const portScan = await nmap.quickScan(host, [80, 443, 8080])

logger.info({ action: "scan-complete", url, score })

return { score, grade, findings, compliance }

const rgpd = await auditDataProcessing(company)

const report = await generatePDFReport(scanId)

const scanResult = await wardek.scan(url)

if (result.severity === "CRITICAL") { alert(result) }

const headers = await checkSecurityHeaders(domain)

const tlsGrade = await validateCertificate(host)

const nis2Score = computeCompliance(assessments)

export async function runTier1Scan(target: string)

const findings = results.filter(r => r.score < 80)

await db.scan.create({ data: { url, score, findings } })

const vulnerabilities = await scanOWASPTop10(url)

if (cors.wildcard && cors.credentials) { flag("CRITICAL") }

WARDEK

OPERATIONAL

RELIABILITY-FIRST COCKPIT

See what exposes you.

Prove what is real.

WarDek helps European SMEs see exposure, prioritize serious actions, and document what is confirmed, what still needs review, and what should be fixed next.

23

analysis modules

< 2min

results

NIS2 · RGPD · AI Act

frameworks covered

FR / EU

FR / EU hosting

Analyze my site View a sample report →

THREAT LEVELELEVATED

3 vulnerabilities detected — last scan 14:31:02

CLASSIFIED

73

/ 100

B+

Security Score

Security Headers

87%

SSL / TLS

95%

NIS2 Compliance

91%

Vulnerabilities

62%

ACTIVE FINDINGS3 CRITICAL

SQL injection vector detected on /api/loginCRITICAL

Exposed .env file on staging subdomainHIGH

Missing HSTS header — HTTPS downgrade possibleHIGH

Outdated TLS 1.0 cipher suite activeMEDIUM

View full report →OPERATIONAL

WARDEK SCANNING·SQL INJECTION·XSS·SSRF·TLS ANALYSIS·NIS2·RGPD·AI ACT·OWASP TOP 10·ISO 27001·CLASSIFIED INTEL·WARDEK SCANNING·SQL INJECTION·XSS·SSRF·TLS ANALYSIS·NIS2·RGPD·AI ACT·OWASP TOP 10·ISO 27001·CLASSIFIED INTEL·

Built for European teams

Team based in France

Hosted in EU

GDPR workflows

20 scan modules

Built for your role

One cockpit, with evidence and actions tailored to your role

CISO / CTO

“My board is asking for a security assessment”

Professional PDF report in 2 min, 0-100 score, prioritized action plan

DPO

“I need to prove GDPR compliance for the regulator audit”

Article 30 register, DPIA, pre-filled documentation

Developer / Freelancer

“My client is asking if their site is secure”

Quick audit to include in client deliverables

SME Director

“NIS2 requires me to do something but I don't know what”

Interactive checklist without jargon, concrete actions

Regulatory alert

Why act now?

Regulatory deadlines don't wait

NIS2

NIS2

In force since Oct. 2024

Fines up to EUR10M or 2% of turnover

67% of SMEs non-compliant

ENISA 2024

GDPR

GDPR

In force

Up to €20M or 4 % of global annual turnover

EUR4.2B in fines across Europe since 2018

GDPR Enforcement Tracker

AI Act

AI Act

Classification Feb. 2025

Up to €35M or 7 % of turnover (Art. 50)

80% of companies exposed without AI governance

OECD / European Parliament 2024

How it works

Two paths depending on your role

Technical Path

CTO / Developer / DevOps

Enter your URL

Type your website or API address

See the gaps

Headers, SSL, injections, cookies, CORS, ports, DNS, emails, exposed files...

Prioritize fixes

Overall score + recommendations prioritized by severity

PDF Report

Professional export for your team and audits

Compliance Path

DPO / CISO / Management

Choose a framework

NIS2, GDPR, AI Act or all three

Guided checklist

Simple questions, no technical jargon

Compliance score

Visualize your level and gaps

Audit report

Compliant PDF for statutory auditors and regulators

LIVE DEMO

Try WarDek now

Enter a URL and get a preview of your security score in 30 seconds.

See. Prove. Fix.

The security + compliance cockpit for European SMEs, with concrete output instead of vague promises.

OPERATIONAL

See what exposes you

WarDek analyzes your public web surface: headers, SSL/TLS, DNS, email, exposed files, CVE clues, WAF, CMS, AI exposure, LLM checks and more.

20 modules | 300+ checks | < 2 min

ACTIVECompliance Plan

Prove your level

NIS2, GDPR, AI Act, PCI-DSS, ISO 27001 and SOC 2. A single scan auto-assesses 6 frameworks. Checklists, scoring, scan bridges and exportable evidence.

8 modules | 6 frameworks auto | 1 scan

ACTIVEPro Plan

Fix concrete issues

Prioritized action plans, PDF reports, stack-specific remediation snippets, and score history help you move from findings to execution.

Actionable fixes | PDF | Score history

Why WarDek?

Compare the scan, proof, and compliance surfaces that matter to a European SME

Feature	WarDek	Qualys	SecurityHeaders	Mozilla Obs.	Tenable	Pentest-Tools
Price	€0-299/mo	$500/mo	Free	Free	Custom pricing	$79/mo
Results in	<2 minutes	5-30 minutes	<5 seconds	<10 seconds	30+ minutes	5-20 minutes
Core features
OWASP Scanner			~	~
NIS2 Compliance
GDPR Module
AI Act Compliance
French interface
PDF Reports
REST API
Advanced security coverage
HSTS Preload Status			~	~
security.txt Detection
Subresource Integrity (SRI)			~
Cipher Suite Analysis						~
CMS Detection
WAF Detection					~
OWASP LLM Top10

Security Blog

Latest Security Insights

Expert guides on web security, compliance, and best practices.

See all articles

Guides

Security Checklist Before Production Deployment: 25 Points

25-point security checklist before deploying to production. Infrastructure, application, authentication, data protection, and monitoring controls.

#security#deployment#checklist

18 avril 20269 min

Guides

How to Secure Your Website Quickly: 10 Practical Steps

A prioritized 10-step checklist to secure your website fast — from HTTPS and security headers to input validation, backups, and continuous monitoring.

#security-checklist#web-security#https

16 avril 20267 min

Conformité

GDPR Data Processor Obligations: Article 28 Complete Guide

GDPR Article 28 obligations for data processors. Controller vs processor distinction, mandatory DPA clauses, Schrems II impact, and compliance checklist.

#GDPR#Article 28#data processor

8 avril 20267 min

Transparent pricing

Clear plans for human-operated and machine-readable usage, without hype-driven overpromises.

Free

Ideal for a first audit

€0

3 OWASP scans per month
1 PDF report per month
Community support

Pro

14-day trial

Ideal for developers and consultants

€59/per month

50 OWASP scans per month
Custom PDF reports
Stack-specific remediation snippets
Score history
AI Advisor (5 msg/day)
Priority email support

Popular

Compliance

Ideal for SMEs subject to NIS2/GDPR/ISO 27001

€99/per month

Unlimited scans
8 compliance modules (NIS2, GDPR, AI Act, PCI-DSS, ISO 27001, SOC 2, DPIA, Rights)
Scan bridge → 6 frameworks auto
Unlimited scheduled scans
AI Advisor (30 msg/day)
Audit reports for CAC
Phone support

Enterprise

Consultant equivalent: ~EUR5,000/audit

€299/per month

Everything in Compliance +
API keys + public REST API v1
Enterprise webhooks
API-first CI/CD automation (GitHub Action + SARIF)
Priority AI Advisor
White-label
Priority support

FAQ

Frequently asked questions

Everything you need to know about WarDek

Have more questions?

FREE ASSESSMENT

Less theatre. More security decisions.

Run a free scan and leave with a score, priorities, and a usable proof base.

Analyze my site for free