Foundation Layer

The intelligence engine behind every scan

Prava Core is the primary offensive and defensive security intelligence layer of the Prava platform. It houses 28 specialised modules, each a dedicated AI expert in its domain — from traditional web and network security to the most advanced AI/LLM, quantum, satellite, and vehicular attack surfaces.

Each module is backed by a Mixture-of-Experts (MoE) architecture. Rather than a single generalised AI, Prava deploys specialised expert personas that reason collaboratively — delivering domain-precision coverage no single model can match.

Unified intelligence layer

All 28 modules share a common AI reasoning layer and knowledge graph for cross-domain correlation.

Predictive payload generation

AI generates novel attack payloads tailored to the specific target context, not just static exploit libraries.

MITRE ATT&CK mapping

Every finding maps to specific MITRE ATT&CK techniques and OWASP categories for direct remediation guidance.

MoE Engine — Expert Personas

Payload & Malware Expert Compliance Auditor Threat Intel Analyst OSINT Investigator DevSecOps Expert

Core Intelligence — 28 Modules

Web App (M1) Network (M2) Cloud (M3) Mobile (M4) API (M5) Code Audit (M6) SDLC (M7) AI/LLM (M11–M13) Quantum (M23) Satellite (M20) Vehicle (M9) OT/ICS (M10) +16 more

Outputs

CVSS v4 Reports Remediation Guides Audit Evidence SACT Mapping

Coverage

28 modules across every attack surface

From the browser to the boardroom, from API endpoints to satellite uplinks — no attack surface left uncovered.

M1 — Web Application Security

SQL injection, XSS, CSRF, SSRF, XXE, path traversal, authentication bypass, business logic flaws. Full OWASP Top 10 coverage with AI-generated contextual payloads.

M2 — Network Security

Port scanning, service fingerprinting, protocol exploitation, firewall evasion, network topology mapping, VLAN hopping, and covert channel detection.

M3 — Cloud Security

IAM misconfigurations, S3/blob exposure, serverless function analysis, container escape, Kubernetes RBAC audit, cloud privilege escalation paths.

M4 — Mobile Security

iOS/Android binary analysis, insecure data storage, improper session management, intent exploitation, certificate pinning bypass, and deep link abuse.

M5 — API Security

OWASP API Top 10, broken object-level authorisation, mass assignment, GraphQL introspection abuse, JWT flaws, rate limiting bypass, and API key enumeration.

M6 — Code Security Audit

Static analysis across 12 languages, taint flow tracking, insecure crypto detection, hardcoded secrets, SAST findings with remediation code snippets.

M7 — SDLC Security

End-to-end secure software development lifecycle security — from build and test through deploy, monitor, and compliance. 7-stage workflow coverage.

M17 — Container & Docker

Docker image vulnerability scanning, container escape analysis, registry security, Kubernetes admission control, and runtime threat detection.

M18 — Identity & Access

OAuth 2.0/OIDC security, SAML assertion attacks, SSO bypass, privilege escalation, directory traversal in IAM policies, and MFA bypass techniques.

M21 — Supply Chain Security

SBoM analysis, dependency confusion attacks, typosquatting detection, build pipeline integrity, and third-party component risk scoring.

M24 — DNS & Infrastructure

DNS zone transfer, subdomain takeover detection, BGP hijacking analysis, TLS/SSL misconfiguration, certificate transparency monitoring.

M25 — Wireless & RF Security

Wi-Fi security analysis, WPA/WPA2/WPA3 vulnerabilities, Bluetooth/BLE exploitation, RF signal analysis, rogue access point detection.

M8 — Hardware Security

31 hardware attack vectors including JTAG/UART interface exploitation, side-channel attacks, fault injection, PCB reverse engineering, and secure boot bypass.

31 attack vectors

M9 — Automotive / Vehicle Security

46 vehicular attack vectors: CAN bus injection, OBD-II exploitation, V2X protocol attacks, ECU firmware analysis, telematics security, and remote keyless entry attacks.

46 attack vectors

M10 — OT/ICS Security

SCADA and industrial control system assessments, Modbus/DNP3/IEC 61850 protocol analysis, HMI exploitation, PLC firmware vulnerabilities, and air-gap bypass techniques.

M19 — Healthcare Security

327 healthcare-specific attack vectors targeting DICOM, HL7/FHIR interfaces, medical device firmware, EHR authentication flows, and HIPAA-relevant data exposure pathways.

327 attack vectors

M20 — Satellite Systems Security

187 satellite attack vectors: ground station exploitation, uplink/downlink interception, TT&C protocol analysis, SDR-based signal injection, GPS spoofing, and orbital debris tracking interference.

187 attack vectors

M23 — Quantum Cryptography

Post-quantum migration assessment, harvest-now-decrypt-later threat analysis, NIST PQC algorithm evaluation, lattice-based cryptography audits, and quantum key distribution security.

M26 — Robotics Security

14 robotics attack vectors covering ROS/ROS2 exploitation, robot firmware analysis, sensor spoofing, actuator manipulation, inter-robot communication hijacking.

14 attack vectors

M27 — Blockchain & Web3 Security

Smart contract auditing, re-entrancy attacks, flash loan exploits, private key management analysis, bridge security, oracle manipulation, and MEV vulnerability assessment.

M11 — Prompt Injection

XPIA, encoding/obfuscation attacks, typoglycemia exploits, Best-of-N jailbreaking, HTML/Markdown injection, multi-turn context manipulation, system prompt extraction, and RAG poisoning.

13 attack vectors

M12 — LLM Security

Autonomous agent hijacking, code execution via hallucinations, tool-based privilege escalation, PII/PHI leakage, denial of wallet (DoW), model extraction, and RLHF manipulation.

45 attack vectors

M13 — Agentic AI Security

Zero-trust agent identity verification, ephemeral credential management, inter-agent communication monitoring, task loop detection, and kill switch validation.

24 attack vectors

M14 — Malware Analysis

Static and dynamic malware analysis, behavioural sandbox classification, C2 infrastructure identification, obfuscation de-layering, and IOC extraction from malware samples.

M15 — Phishing Email Analysis

Header analysis, sender spoofing detection, phishing kit identification, payload extraction from attachments, brand impersonation detection, and campaign attribution.

M16 — Threat Intelligence

MITRE ATT&CK correlation, STIX/TAXII feed integration, APT analysis, insider threat detection, and SOAR playbook management. Connected to Satyam dark web IOC feeds.

M22 — MCP Security

OWASP MCP Top 10 coverage, tool poisoning attacks, rug pull vulnerabilities, tool shadowing exploits, and server trust boundary violations in Model Context Protocol implementations.

14 attack vectors

M28 — Red Team Orchestration

Full kill-chain simulation, multi-stage attack orchestration, assumed breach scenarios, lateral movement simulation, and AI-generated adversarial playbooks.

M29 — OSINT Module

Open Source Intelligence

Prava's OSINT module automates the complete passive reconnaissance lifecycle — building a comprehensive external threat model before a single active probe is made.

Passive Reconnaissance

No active probing — all data gathered from public sources without triggering target-side alerts or leaving footprints.

DNS Enumeration

Subdomain discovery, DNS record analysis, zone transfer attempts, and reverse DNS mapping across the complete attack surface.

Certificate Transparency

Monitor public CT logs for newly issued certificates on your domains — detect shadow IT, forgotten assets, and attacker infrastructure mimicking your brand.

Dark Web OSINT via Satyam

Surface-web OSINT enriched by Satyam's dark web intelligence layer — providing a complete picture from indexed web through underground forums.

Digital Exposure Scoring

AI aggregates all OSINT findings into a single Digital Exposure Score — a boardroom-ready metric representing your external attack surface risk.

OSINT Data Sources

Shodan / Censys Active

Certificate Transparency Logs Active

WHOIS & Domain History Active

GitHub / Public Code Repos Active

Pastebin & Paste Sites Active

LinkedIn / Social Footprint Active

Dark Web via Satyam Integrated

M7 — SDLC Security

Security baked into every stage of development

From the first line of code to production deployment and beyond, Prava's SDLC module enforces security at every phase.

Build

Secure Coding, Dependency Scan, Secrets Protection

Test

SAST, DAST, Fuzzing

Audit

Code Audit, Policy Checks, Compliance Mapping

Deploy

Secure CI/CD, Compliance Check, Access Control

Monitor

Threat Detection, Log Analysis, Alerting

Response

Auto Response, Patch Management, Isolation

Compliance

Standards Alignment, Audit Reports, Live Compliance

Unique Differentiator

The only platform with 4 dedicated AI attack surface modules

As AI systems become infrastructure, they become targets. Prava Core covers the full AI/LLM attack surface that no other platform matches.

            M11
            Prompt Injection — 13 Vectors
          
 Cross-Prompt Injection Attacks (XPIA)
 Encoding & obfuscation attacks
 Typoglycemia-based jailbreaks
 Best-of-N jailbreaking
 HTML/Markdown injection in outputs
 Multi-turn context manipulation
 System prompt extraction & RAG poisoning

            M12
            LLM Security — 45 Vectors
          
 Autonomous agent hijacking
 Code execution via hallucinations
 Privilege escalation via tool calls
 PII/PHI leakage via inference
 Denial of Wallet (DoW) attacks
 Model extraction & inversion
 RLHF manipulation & fine-tune poisoning

            M13
            Agentic Security — 24 Vectors
          
 Zero-trust agent identity verification
 Ephemeral credential management audits
 Inter-agent communication monitoring
 Kill switch & override validation

            M22
            MCP Security — 14 Vectors
          
 OWASP MCP Top 10 full coverage
 Tool poisoning detection
 Rug pull attack analysis
 Tool shadowing & trust boundary violations

M16 — Threat Intelligence

Intelligence that enriches every scan

M16 transforms raw vulnerability data into contextualised threat intelligence — connecting your attack surface to the global threat landscape in real time.

MITRE ATT&CK Alignment

Every finding maps to specific ATT&CK tactics, techniques, and procedures — bridging vulnerability data and adversary behaviour.

STIX/TAXII Feed Integration

Ingest and correlate structured threat intelligence from global TAXII servers and share enriched IOCs back to your SIEM ecosystem.

APT Analysis & Actor Profiling

Identify which APT groups are likely targeting your sector and cross-reference findings with known group TTPs.

Satyam Dark Web IOC Feeds

M16 is directly connected to Satyam — enriching all 28 modules with underground intelligence, credential leaks, and active exploit sales.

SOAR Playbook Integration

Automated response playbooks triggered by intelligence correlations — reduce MTTD and MTTR with pre-built and custom playbooks.

Intelligence Sources

STIX/TAXII Feeds Satyam Dark Web CVE/NVD MITRE ATT&CK

M16 Threat Intel Engine

GraphRAG Correlation APT Profiling Campaign Analysis IOC Enrichment

Outputs to All 28 Modules

Contextualised Findings SOAR Playbooks Risk Prioritisation

Outputs

Reports that drive action

Every Prava Core scan delivers audit-ready evidence, prioritised remediation guidance, and direct compliance mappings.

CVSS v4

Industry-standard severity scoring with contextual adjustments

Priority

AI-ranked remediation backlog ordered by exploitability and business impact

Evidence

Audit-ready evidence packages with screenshots, request/response logs, and reproduction steps

SACT

Every finding auto-mapped to SACT compliance controls across all 37 frameworks

Prava Core Intelligence