Fenko Security

Foxhound

Penetration testing delivery and findings portal.

Foxhound is the workflow and delivery platform behind Fenko’s penetration testing practice. Clients get a single portal to track engagement progress, review findings as we publish them, inspect evidence, and download reports without waiting until the end of the test.

Every Fenko pentest engagement runs through Foxhound. There’s no separate fee, no setup, and no plugin to install. When we kick off, your engagement is already live in the portal.

What you get

Real-time findings as we discover them. Critical and high-severity issues are flagged the moment we confirm them, so your team can start remediation before the engagement is even complete. Each finding includes severity (CVSS 4.0), evidence (screenshots, request/response pairs, reproduction steps), and specific remediation guidance.

Professional PDF reports written for two audiences. An executive summary that explains risk in plain language for leadership, and a technical section with everything your engineers need to reproduce and fix each issue. Download as many times as you need.

Remediation tracking inside the portal. Mark findings as fixed, request a retest, and track your remediation progress across engagements over time. Retesting is included — once you’ve fixed something, we verify and update status. No separate invoice.

A scoped REST API and Model Context Protocol (MCP) integration. Pull findings into your own systems, query status from your AI tools, and route work into Jira, Linear, GitHub, Slack, Teams, ServiceNow, or your own webhooks.

Multi-tenant access for your whole team. Manage multiple properties and engagements under one organisation with viewer, manager, and admin roles.

How an engagement runs

  1. Scope and kickoff. We define targets, rules of engagement, and timeline together. You get a clear scope document before any testing begins. Your engagement goes live in the portal.
  2. Test and report. Manual testing against OWASP methodologies, supplemented by targeted automation. Findings land in the portal throughout the engagement, not at the end.
  3. Fix and retest. Your team remediates on your own schedule. Request a retest on any finding through the portal. We verify the fix and update the status.
  4. Track over time. Historical engagements, severity trends, and remediation rates across all your properties. A picture of your security posture over time, not just point-in-time snapshots.

What we test through Foxhound

Web applications, REST and GraphQL APIs, mobile apps (iOS and Android), internal and external network infrastructure, cloud configurations (AWS, Azure, GCP), source code reviews, and AI/LLM systems including prompt injection and agent tool-use testing.

Full coverage is described on the penetration testing page.

Our approach

Every engagement is led by a senior tester, not triaged by a junior. We test manually against OWASP methodologies (WSTG, ASVS, MASTG, OWASP Top 10 for LLM Applications). Reports are written for the people who actually have to fix things, with CVSS 4.0 scoring and plain-language risk context. We don’t pad reports with informational findings to make the deliverable look thicker.

You talk to the person doing the testing. No project managers relaying questions back and forth. If we find something critical, you hear about it the same day.
