A focused, time-boxed SOC 2 penetration test that identifies and validates common web and API vulnerabilities likely to impact integrity, availability, and confidentiality controls.