CyCognito Active Security Testing is a platform that performs automated security testing across external attack surfaces. The platform uses a multi-pass and multi-engine test architecture to conduct active security assessments that simulate attacker behavior. The platform performs network and web application tests, including dynamic application security testing (DAST), to identify security issues such as web application firewall presence, exposed data, lack of SSO/CAPTCHA, lack of cookie consent, authentication issues, and injection vulnerabilities. The testing approach involves a two-way multi-phase conversation between test engines and targets, where each stage informs subsequent test phases. CyCognito combines active test results with business context and technical context to generate discoverability and attractiveness scores for risk assessment. The platform uses payload-based security testing to validate security controls and identify gaps in security infrastructure. The system is designed to provide continuous testing across external attack surfaces with automated discovery capabilities. Results include attack path visualization and prioritization based on attacker interest. The platform aims to reduce false positives through built-in success criteria and high-fidelity testing methods.