What are these guides?

Each guide explains a real security finding that pentes.io detects — DMARC misconfiguration, SSL trust errors, exposed environment files, AI-generated code risks. The guide explains what it means, how to reproduce it yourself, and how to fix it step by step.

Are these guides free?

Yes. All guides are free to read. The scan CTA at the end of each guide lets you run a non-destructive scan against an asset you have proven you own — the free tier includes 5 scans per month.

Security Guides — Fix Common Vulnerabilities

"No DMARC Record Found" — What It Means and How to Fix It
Your domain has no DMARC policy, which means anyone can send email that appears to come from you. This guide explains what DMARC is, why v=DMARC1; p=none; is not enough, and how to move to enforcement.
Why Is My SSL Certificate Not Trusted?
The most common cause is an incomplete intermediate certificate chain — the server presents your domain certificate but omits the intermediates that connect it to a trusted root. Here is the diagnosis and the exact fix.
How to Find Exposed .env Files on Your Website
An exposed .env file leaks database credentials, API keys, and secrets to anyone who asks. Here are the four ways .env files become publicly accessible and how to check if yours is exposed.
AI-Generated Code Security Checklist
AI tools write working code fast but skip security defaults. An 8-point checklist covering Supabase RLS, secrets in bundles, missing headers, CORS, exposed files, and TLS — with concrete ways to check each one.

Scan your asset — safe by design