Run a quick 1 minute scan on your website for vulnerabilities related to Security Headers, Cookie flags and TLS

Scan your entire app for 20,000+ vulnerabilities - (https://help.probely.com/en/articles/1994975-what-types-of-vulnerabilities-does-probely-detect)

Scan APIs based on a Swagger/OpenAPI schema or Postman Collection file

Support for Single-Page App Scanning (AngularJS, ReactJS, etc.)

Add extra-hosts for Single-Page Apps (SPA) or apps that call APIs

Our advanced fingerprinting recognizes popular web application and optimizes tests based on the technology used

Run specific scanning modules aimed at certain technologies of the target

Choose one of our scanning profiles based on how intrusively you would like Probely to be while scanning your website

Probely safely exploits certain types of vulnerabilities to eliminate false-positives

Prevent Probely from reporting that vulnerability again. The team also analyzes reports to prevent similar cases in the future.

Schedule scans, or configure recurring scans on a daily, weekly, or monthly basis

We used fixed IP addresses for all of our scans

Add paths from your target to the list of URLs to be crawled/scanned

Add paths from your target to the list of URLs that you don't want Probely to crawl/scan

Control which headers are used by the scanner

Control which cookies are used by the scanner

Agent to scan targets hosted on a private network - https://github.com/Probely/farcaster-onprem-agent

Plugin to record navigation sequences. Record a navigation sequence and Probely will replay and scan the sequence

Run the scan on a subset of your target. You can also set the subscope while starting a scan via API, to speed up testing in CI/CD pipelines.

Scan only new and modified URLs since the previous scan.

Have a pool of multiple targets under one account

Add and delete targets as long as you don't exceed the pool size of targets.

Waive target ownership validation requirement when adding a new target (upon request)

Set target labels to group targets

Let Probely authenticate on your website via Login Form, so it can scan your website as a logged in user

Let Probely authenticate on your website using basic authentication

Customize cookies to be used for authentication

Customize headers to be used for authentication

Extract a token (e.g. JWT) from the response to an authentication request, and use it in a header or cookie in the following requests.

Record the login sequence and Probely will replay the sequence for authenticating on the target

Support for SSO and Openid Connect

Get notifications on Slack for scan start, finish, vulnerabilities found, etc

Two-way sync findings with Jira

Use our full-featured API

Install a Probely plugin in your CI tool (Jenkins, Circle CI)

Two-way sync findings with Azure DevOps Boards

Sync findings with DefectDojo

Set Webhooks via the API to be notified of Probely events

Download a PDF report with the scan results

Download a CSV file with the coverage of the scan (scanned endpoints)

Download an MS-Word report with the scan results

Download a PCI-DSS or OWASP TOP10 compliance PDF report

Add unlimited number of users to your team

Assign a vulnerability to a certain team member to let them know that they are in charge of fixing it

Single Sign-On Support (SAML, Microsoft AD, OpenID Connect)

Assign roles to users, create new roles with a set of permissions, grant user roles account-wide or on target-basis

Support for Teams / Business Units. A team comprises a group of users/roles and targets. You can set a maximum number of targets for the team (quota) and reserve a number of slots for targets.

Fast payment by a Credit Card

For annual contracts. Wire transfers.

Online Chat Support (only in English)

Dedicated Account Manager that knows your business and acts as a single point of contact with Probely.

Priority Support via email or chat

Data stored in the EU in a top-tier cloud provider with strict security controls

Data stored in the US in a top-tier cloud provider with strict security controls (on request)

Data stored in a segregated database instance, in a top-tier cloud provider or on premisis (addon)

Proactively Monitor scans, verify scan coverage and settings - Professional Services Plan Addon

Validate vulnerabilities and adjust the severity based on the context - Professional Services Plan Addon

Build custom scanning profiles (scan max duration, crawling patterns, tested vulnerabilities, enforce scanning speed, record actions or flows) - Professional Services Plan Addon