A customer enters their company name. The platform instantly begins mapping their entire digital attack surface, including domains, subdomains, cloud assets, and application endpoints, using 15+ specialized API sources.
The platform maps the full protection chain for every endpoint: which CDN fronts it, what WAF rules are active, where the load balancer sits, and whether the origin server is directly exposed. Misconfigurations at any layer become testable attack vectors.
Every discovered endpoint is probed from 15+ global locations using GlobalPing, testing ICMP, TCP, and HTTP availability. CDN-protected assets are identified and filtered to focus on real origin infrastructure.
Five specialized tools fingerprint each live endpoint: HTTP stack analysis with uTLS, DNS security audit, SMTP hardening check, SIP service probing, and Direct-to-Router attack surface mapping.
Physical device labs intercept real application traffic. A jailbroken iPhone and Android tablet capture mobile API calls, while a Windows lab analyzes traffic from 44 desktop applications, discovering hidden endpoints invisible to web scanners.
Before any testing, the platform captures the customer's real traffic patterns. Two methods: connect your CDN/WAF account (Cloudflare, AWS, etc.) for historical analytics, or add a lightweight JavaScript beacon to capture real user traffic. The baseline drives precise rate-limit thresholds, tuned to your actual traffic, not guesses.
All discovery results aggregate in the dashboard. The platform identifies protection gaps, maps the topology, and determines which attack vectors to test: L3/L4 volumetric, L7 application-layer, protocol-specific, and evasion techniques.
The Open Protection Index (OPI) scores the company across 6 categories before any resilience testing. This becomes the "before" snapshot that hardening will improve.
The Deploy Service provisions load generation instances across 19 active cloud platforms simultaneously (23 platform integrations total). Spot instances on 5 platforms reduce costs by 60-90%. Each bot auto-configures via boot.sh and registers with the Fleet Controller.
The Fleet Controller dispatches coordinated test commands to the entire fleet. Multiple attack vectors run simultaneously, including volumetric floods, application-layer stress, protocol abuse, and evasion techniques, replicating real-world DDoS patterns.
Real-world attacks come from thousands of IPs across many networks. Single-source load testing is trivially filterable. DDactic generates traffic from 19 cloud providers across dozens of ASNs and geographic regions, making the test indistinguishable from a real distributed attack.
Based on discovered vulnerabilities and test results, the platform generates vendor-specific CLI commands. 16 hardening templates across 6 vendors (Cloudflare, AWS, Azure, GCP, Akamai, Fastly) with optional credential injection for one-click deployment.
After the customer applies hardening (via CLI commands or manual configuration from the report), the bot fleet runs the same test battery again. The before/after comparison proves the hardening worked, and the improved OPI score demonstrates measurable security progress.
DDactic scans entire industries using public data sources (19 sectors, hundreds of companies) to establish average security postures. Your fully-tested OPI score is compared against the industry baseline, showing exactly where you stand relative to competitors and what ROI your hardening investment delivered.
DDoS resilience isn't a one-time test. Traffic patterns shift with seasons, product launches, and growth. DDactic continuously re-baselines traffic, adjusts rate-limit thresholds, and re-tests, ensuring protection evolves with the business.