Skip to main content
Indie Security uses a two-phase approach combining intelligent crawling with deep AI-powered security analysis. This guide explains our architecture and how our agents work together.

Two-Phase Approach

Our security testing methodology is designed to maximize coverage and accuracy:

Phase 1: Spider

Map your entire application surface. Every endpoint, every parameter, every state.
  • Human researchers with Burp Extension
  • ECHO-01 AI Crawler
  • Session capture and auth flows

Phase 2: Analysis

AI + Human analyze the collected data. Find vulnerabilities others miss.
  • AI Analysis Agent
  • Human analyst verification
  • Proof-of-concept exploitation

ECHO-01 AI Crawler

Our proprietary AI crawler intelligently maps application surfaces:
ECHO-01 understands application context and user flows, navigating like a real user rather than blindly following links.
Tracks application state across sessions, handling complex multi-step workflows and form submissions.
Automatically maintains sessions, handles token refresh, and re-authenticates when needed.
Identifies REST, GraphQL, and WebSocket endpoints from JavaScript analysis and traffic observation.

AI Analysis Agent

Our analysis engine tests for comprehensive vulnerability categories:

Injection Attacks

SQL, NoSQL, Command, LDAP, XPath injection

Cross-Site Scripting

Reflected, Stored, DOM-based XSS

Access Control

IDOR, privilege escalation, forced browsing

SSRF

Server-side request forgery variants

Business Logic

Race conditions, workflow bypass, state manipulation

Authentication

Session management, credential stuffing, brute force

Knowledge Graph Architecture

All discovered data flows into a Neo4j knowledge graph:
The knowledge graph enables cross-target analysis—finding patterns that single-target scans miss.

Assessment Modes

Best for: Regular monitoring and CI/CD integrationFully autonomous testing using AI-driven decision making. The agent prioritizes high-risk areas and adapts testing based on discovered vulnerabilities.

Human-in-the-Loop

While AI drives the analysis, human experts validate critical findings:
1

AI Detection

AI agent identifies potential vulnerabilities through automated testing.
2

Confidence Scoring

Each finding receives a confidence score based on exploit success.
3

Human Verification

Security analysts verify high-impact findings and refine false positives.
4

Remediation Guidance

Detailed fix recommendations with code examples.

Next Steps

Spider Phase

Deep dive into Phase 1 capabilities.

Analysis Phase

Explore Phase 2 testing methodology.