> ## Documentation Index
> Fetch the complete documentation index at: https://docs.osto.one/llms.txt
> Use this file to discover all available pages before exploring further.

# Welcome to Osto

> One platform for security, compliance, and VAPT — built for fast-moving startups and scaling businesses.

**Osto is your trusted cybersecurity partner, built to simplify security for growing businesses.** Instead of stitching together a WAF, an endpoint tool, a CSPM, a compliance platform, and a VAPT firm — Osto delivers all of it as a single operating layer. You get real security, continuously mapped compliance, and audit-ready evidence, without needing a large IT or security team.

Compliance is the byproduct of security. We fix both.

## What you get

* **Real-time security** across cloud, application, endpoint, and network — live in hours.
* **Continuous compliance** with SOC 2 Type II, ISO 27001, HIPAA, GDPR, and PCI DSS — controls mapped and evidence collected automatically.
* **OSCP-led VAPT** with a 7-day testing cycle, remediation support, and final diligence-ready reports.
* **One dashboard** — 20+ modules, one invoice, one source of truth.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/osto-platform-overview.svg?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=c9f0fcf61cb253771561357b3da811a8" alt="Osto Platform Overview" width="1200" height="515" data-path="images/osto-platform-overview.svg" />

Every module ships from one platform and rolls up to one dashboard — so security, compliance evidence, and VAPT findings stay in sync.

## Platform modules

### ☁️ Cloud Security

* **Web App Protection** — OWASP Top 10, DDoS, bot blocking, and virtual patching.
* **Web API Protection** — Shadow API discovery, schema enforcement, and malicious traffic blocking.
* **Web Scanner** — Continuous vulnerability scanning of internet-facing applications.
* **Mobile App Scanner** — iOS and Android security testing before release.
* **Cloud Posture (CSPM)** — Misconfiguration and drift detection across AWS, Azure, and GCP.

### 💻 Code Security

* **SAST** — Static analysis integrated into your CI/CD.
* **SBOM** — Software bill of materials for every build.
* **SCA** — Dependency and vulnerability scanning.
* **License Compliance** — Open-source license policy enforcement in CI.

### 🖥️ Endpoint Security

* **App Control** — Whitelist approved applications and reduce unauthorized execution.
* **Device Control** — Govern USB, Wi-Fi, Bluetooth, and removable media.
* **File Access DLP** — Sensitive file access controls and data-loss prevention.
* **Disk Encryption** — FileVault and BitLocker enforcement.
* **Screen Lock** — Idle-session protection.

### 🌐 Network Security

* **ZTNA Secure Access** — Zero Trust with 2FA, time-based permissions, and instant blocking.
* **Domain Filtering** — Block malicious domains and enforce browsing policies.

### 📋 Compliance

* **Compliance Automation** — Continuously mapped controls and audit-ready evidence for SOC 2 Type II, ISO 27001, HIPAA, GDPR, and PCI DSS.
* **Security Awareness Training** — Continuous employee training with participation evidence audit-ready.

### 🔬 VAPT

* **Web App & API** — Black-box and grey-box testing.
* **Network & Infrastructure** — Internal and external attack simulation.
* **Mobile App Assessment** — iOS and Android security testing.
* **Source Code Assessment** — Secure SDLC and code-level findings.

### 📂 Audits

* **Logs Analyzer** — Centralized logs and audit-ready posture across every module.

## Why teams choose Osto

* **Days, not months.** Security controls live on Day 0. SOC 2 / ISO readiness in 7 days. ISO audit complete by Day 21.
* **Built in-house, end to end.** Every module is built and maintained by Osto — no third-party patchwork.
* **Proven on our own stack.** Osto is itself SOC 2 Type II and ISO 27001 certified, using the same platform we sell.

### Zero to SOC 2 Type II ready

```mermaid theme={null}
timeline
    title From deployment to audit-ready in under 4 months
    Day 0   : Security controls live across Cloud, App, Endpoint & Network
            : VAPT scope finalized
    Day 7   : VAPT findings delivered for remediation
            : SOC 2 & ISO 27001 control readiness reached
            : Internal & external audit kicked off
            : SOC 2 evidence collection on
    Day 21  : HIPAA readiness signed off
            : GDPR readiness (ROPA, DPIA, data map)
            : ISO 27001 external audit complete
    Day 97  : 90-day SOC 2 evidence period complete
            : Documents sent for external audit
    Day 118 : SOC 2 Type II readiness achieved
```

## Next steps

New to Osto? Start here:

* [Quick Start Guide](/getting-started/quick-start) — get up and running in minutes.
* [Core Concepts](/getting-started/core-concepts) — the foundations you'll work with day to day.
* [Posture Management](/how-to-guides/posture-management/connecting-aws) — connect your cloud accounts.

Need help? See [Best Practices](/support/best-practices), [FAQs](/support/faqs), or [Troubleshooting](/support/troubleshooting).