# Oscar Six Security

> Enterprise-grade cybersecurity at retail prices. Veteran-owned security firm in Dayton, Ohio protecting small businesses, schools, and local governments.

Focus Forward. We've Got Your Six.

## Our Mission

Security Shouldn't Bankrupt You. We're here to change the game.

For too long, cybersecurity has been a luxury good. If you weren't a Fortune 500 company with a million-dollar budget, you were left behind -- or worse, sold "lite" versions of tools that didn't actually protect you.

We are tired of seeing good people get taken advantage of by vendors selling fear and overpriced licenses.

Oscar Six was founded by Veterans with decades of experience in high-stakes defense. We know how the bad guys work, and we know how to stop them. We decided to strip away the bloat, the sales commissions, and the complexity to build security tools that micro-businesses, local schools, and townships can actually afford.

## Solutions

Enterprise tools. Retail prices. No BS.

### Radar -- Vulnerability Scanner

See your network like a hacker sees it.

A comprehensive vulnerability engine that throws 5,000+ real-world attack simulations at your infrastructure to find the holes before someone else does. If your firewall blocks us? Great. We'll give you a certification to prove you're secure.

- Product URL: https://radar.oscarsixsecurityllc.com
- Price: $99 per scan
- How it works: https://www.oscarsixsecurityllc.com/how-it-works.html

### Patrol -- Secure Email Gateway (Coming Soon)

Stop the #1 way hackers get in -- your inbox.

An agentless, API-driven email guard that catches the specific Business Email Compromise (BEC) attacks that slip past Microsoft and Google.

- Price: $5.00/month
- No contracts. No "call for pricing."

## How Radar Works

From domain entry to final report -- here's every step of the scanning process.

### Step 1: Enter Your Domain
Type your target domain. We check DNS and HTTP reachability before proceeding.

### Step 2: Domain Validation
We verify the domain resolves and is reachable. If behind a firewall, allowlist our scanner IP: 136.114.231.35

### Step 3: Verify Ownership
Add a DNS TXT record to prove you own the domain. Permanent -- only needed once per domain.

### Step 4: Payment
$99 per scan via Stripe. Secure checkout -- payment collected only after verification.

### Step 5: Scan Execution
Our automated engine runs a comprehensive security assessment against your target.

### Step 6: Report Delivery
A PDF report is emailed to you and available for download in your dashboard.

### What Our Scanner Does

During the scan, our engine performs a multi-phase security assessment:

**Reconnaissance:**
- Subdomain enumeration and discovery
- DNS record analysis (A, AAAA, MX, TXT, CNAME, NS)
- Technology fingerprinting (web servers, frameworks, CMS)
- WHOIS data and domain registration details

**Port & Service Scanning:**
- Identifying open ports across your infrastructure
- Detecting running services and their versions
- Service banner grabbing for deeper identification

**Vulnerability Assessment:**
- Testing for OWASP Top 10 vulnerabilities (XSS, SQLi, CSRF, etc.)
- SSL/TLS configuration and certificate analysis
- Missing or misconfigured security headers
- Outdated software with known CVEs

**AI-Powered Analysis:**
- All findings validated by AI to reduce false positives
- Severity classification: Critical, High, Medium, Low
- Contextual risk assessment based on your technology stack

**Report Generation:**
- Executive summary for management
- Detailed technical findings for engineers
- Prioritized remediation recommendations
- Overall risk assessment and scoring

### Understanding Your Report

Your PDF report is organized so both technical and non-technical stakeholders can take action:

- **Cover Page:** Shows your domain, scan date, and overall risk rating at a glance.
- **Executive Summary:** A high-level overview for management -- key risks, overall security posture, and top priorities without deep technical detail.
- **Technical Findings:** Detailed breakdown for engineers -- each vulnerability with severity, description, affected component, and evidence.
- **Remediation Recommendations:** Prioritized action items telling you exactly what to fix and in what order, based on risk and effort.
- **Appendix:** Raw scan data, full port listings, and additional technical details for those who want the complete picture.

## Who We Protect

We understand your pain. We built this for you.

### Micro & Small Businesses
You don't have a CISO, and you don't need one. You need "set and forget" protection that lets you focus on your customers, not your firewall.

### Local Government
Townships and Municipalities are under attack, but budgets are tight. We provide federal-grade defense on a municipal budget.

### Education Institutions
Schools hold sensitive data but often run on legacy systems. We help you protect students and staff without draining the technology grant.

## About

Built in the Heartland. The Miami Valley of Dayton, Ohio. Not Silicon Valley.

We aren't a faceless Silicon Valley startup burning venture capital. We are headquartered right here in Dayton, Ohio. We are your neighbors. We believe in hard work, straight talk, and standing behind our product.

### The Founders
Founded by two military veterans who spent their careers securing critical assets. Now, they are bringing that same discipline to Oscar Six.

### What is Oscar Six?
In military radio code, "Oscar" stands for the letter O, and "Six" refers to the 6 o'clock position -- your blind spot directly behind you. Put them together, and Oscar Six is shorthand for "On Your Six." It is a promise of protection. It means we are in position, we are alert, and we are guarding your blind side so you never have to look over your shoulder. While you focus on what's ahead, we secure what's behind.

## A2A (Agent-to-Agent) Integration

For a full technical deep-dive, see our announcement: https://blog.oscarsixsecurityllc.com/blog/oscar-six-radar-a2a-agent-to-agent-vulnerability-scanning

AI agents can autonomously discover, purchase, and receive Radar vulnerability scans via Google's A2A protocol.

### Discovery

Agent Card: https://radar.oscarsixsecurityllc.com/.well-known/agent.json
Endpoint: POST https://radar.oscarsixsecurityllc.com/a2a
Protocol: JSON-RPC 2.0

### Available Skill: vulnerability-scan

- Price: $99 per scan
- Payment: Stripe Shared Payment Token (spt_xxx) or Payment Method ID (pm_xxx)
- Requirement: Domain must be verified via DNS TXT record by the customerEmail

### Workflow

1. **Discover:** Fetch the agent card at `/.well-known/agent.json` to learn capabilities and pricing
2. **Send task:** `POST /a2a` with method `tasks/send`, providing domain, customerEmail, and payment token
3. **Domain verification:** If the domain is not pre-verified, the response includes DNS TXT instructions. Add the record and re-send.
4. **Poll status:** Use `tasks/get` with the returned taskAccessToken to check scan progress
5. **Get results:** When state is `completed`, the response includes the report URL

### Example: tasks/send

```json
{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "tasks/send",
  "params": {
    "domain": "example.com",
    "customerEmail": "user@example.com",
    "paymentToken": "spt_xxx"
  }
}
```

### Example: tasks/get

```json
{
  "jsonrpc": "2.0",
  "id": "2",
  "method": "tasks/get",
  "params": {
    "id": "scan-uuid",
    "taskAccessToken": "abc123..."
  }
}
```

### Rate Limits

- 5 requests per hour per IP address
- Payment validation happens early; invalid tokens fail fast

### Security

- Domain ownership must be verified via DNS TXT record before scanning
- Government (.gov, .mil, .edu) and sanctioned country domains are blocked
- Task access tokens are required for polling and cancellation
- Report URLs are time-limited signed URLs

## Contact

- Sales: sales@oscarsixsecurityllc.com
- Legal: legal@oscarsixsecurityllc.com
- Blog: https://blog.oscarsixsecurityllc.com
- Radar Login: https://radar.oscarsixsecurityllc.com