Choose a plan and get secure!
All paid plans start with a 14-day free trial.
Assess and Improve your security posture with a quick, basic scan
billed at €0 / year
billed at £0 / year
billed at $0 / year
- Lightning Scan (Security Headers, Cookie flags and TLS)
- Vulnerability Manager
Great for small businesses on a limited budget that value their security
€588€468 / year
£588£468 / year
$732$588 / year
- Scan the entire App
- Scan behind Login
- Weekly Scanning
- Unlimited Users
ProMost popular for SMB!
Perfect for growing businesses that value efficiency and flexibility
€1032€828 / year
£1032£828 / year
$1332$1068 / year
- Integrations (Slack, Jira, others)
- API scanning based on OpenAPI schema/ Postman Collection
- Scanning Profiles
- Single-page App scanning
- Unlimited Scans
Suitable for established businesses that want the freedom to add/remove targets
- Pool of active targets
- Delete or add new targets
- Payment by invoice (optional)
- Contact Us for different pool sizes
Best for Enterprises and businesses with 15+ targets
- Everything from other plans plus
- Agent to scan internal targets
- Groups, Roles and Permissions
- Single-Sign On (SSO)
- Dedicated Account Manager
Compare our plans
| Lightning scans |
Run a quick 1 minute scan on your website for vulnerabilities related to Security Headers, Cookie flags and TLS
| Full Scans |
Scan your entire app for over [1000 vulnerabilities](https://help.probely.com/en/articles/1994975-what-types-of-vulnerabilities-does-probely-detect)
|Only once per week|
| Standalone API and Micro-services scanning |
Scan APIs based on a Swagger/OpenAPI schema or Postman Collection file
| Single-Page App Scanning |
Support for Single-Page App Scanning (AngularJS, ReactJS, etc.)
|If API host is in scope|
| Extra hosts in the scope |
Add extra-hosts for Single-Page Apps (SPA) or apps that call APIs
| Fingerprinting |
Our advanced fingerprinting recognizes popular web application and optimizes tests based on the technology used
| Scanning Modules |
Run specific scanning modules aimed at certain technologies of the target
| Scanning Profiles |
Choose one of our scanning profiles based on how intrusively you would like Probely to be while scanning your website
| Reducing False-Positives |
Probely safely exploits some findings to confirm the vulnerability
| Report False-Positives and Invalid Vulnerabilities |
Probely will not report that vulnerability again and the team will analyze the case and prevent future ones
| Schedule Scans |
Schedule scans, or configure recurring scans on a daily, weekly, or monthly basis
|Only weekly and monthly|
| Fixed IPs |
We used fixed IP addresses for all of our scans
| Seeds List |
Add paths from your target to the list of URLs to be crawled/scanned
| Reject List |
Add paths from your target to the list of URLs that you don't want Probely to crawl/scan
| Custom Headers |
Control which headers are used by the scanner
| Custom Cookies |
Control which cookies are used by the scanner
| Pool of targets |
Have a pool of multiple targets under one account
| Switch targets |
Add and delete targets as long as you don't exceed the pool size of targets.
|once per month|
| Skip Target Validation |
Waive target ownership validation requirement when adding a new target (upon request)
| Target Labels |
Set target labels to group targets
| Login Form |
Let Probely authenticate on your website via Login Form, so it can scan your website as a logged in user
| Basic Authentication |
Let Probely authenticate on your website using basic authentication
| Customize Cookies |
Customize cookies to be used for authentication
| Customize Headers |
Customize headers to be used for authentication
| Dynamic API Authentication |
Extract a token (e.g. JWT) from the response to an authentication request, and use it in a header or cookie in the following requests.
| Slack |
Get notifications on Slack for scan start, finish, vulnerabilities found, etc
| Jira |
Two-way sync findings with Jira
| API |
Use our full-featured API
| Plugins for CI tools |
Install a Probely plugin in your CI tool (Jenkins, Circle CI)
| Azure DevOps |
Two-way sync findings with Azure DevOps Boards
| DefectDojo |
Sync findings with DefectDojo
| Webhooks |
Set Webhooks via the API to be notified of Probely events
| Scan Results PDF Report |
Download a PDF report with the scan results
| Coverage Report |
Download a CSV file with the coverage of the scan (scanned endpoints)
| Scan Results Editable Report |
Download an MS-Word report with the scan results
| Compliance Report |
Download a PCI-DSS or OWASP TOP10 compliance PDF report
|Teams and Collaboration|
| Unlimited Users |
Add unlimited number of users to your team
| Assign vulnerabilities to a member |
Assign a vulnerability to a certain team member to let them know that they are in charge of fixing it
| Single Sign-On |
Single Sign-On Support (SAML, Microsoft AD, OpenID Connect)
| Role-based Access Controls |
Assign roles to users, create new roles with a set of permissions, grant user roles account-wide or on target-basis
| Payment by Credit Card |
Fast payment by a Credit Card
| Payment by Invoice |
For annual contracts. Wire transfers.
| Online Chat Support |
Online Chat Support (only in English)
| Dedicated Account Manager |
Dedicated Account Manager that knows your business and acts as a single point of contact with Probely.
| Priority Support |
Priority Support via email or chat
| Data stored in a top-tier EU datacenter |
Data stored in the EU in a top-tier cloud provider with strict security controls
| Data stored in a top-tier US datacenter |
Data stored in the US in a top-tier cloud provider with strict security controls (on request)
| Data stored in a separate database instance |
Data stored in a segregated database instance, in a top-tier cloud provider or on premisis (addon)
Choose the best plan for you and get secure!
- What is the difference between a target and a pool of targets?
When you select the Starter or Pro plan, your subscription is tied to the target’s URL. This means that you can’t delete that target and add a new one under the same subscription.
When you select the Premium Plan, your subscription is for five active targets. You are free to delete or add new targets, as long as you don’t exceed the pool size ( five slots). Read more.
- What is a target?
A target is the URL of a web application or website. The scope of the scan is the target. The scanner will never exceed its scope (it will never scan any page that is not under the target).
Here are some examples of targets:
If the target is https://example.com, the scanner will not scan www.example.com or any other hosts. In other words, the scanner will only scan URLs that start with ‘example.com’.
- What does the free plan include?
The free plan is our contribution to making web security accessible . It helps your business identify and fix the critical vulnerabilities, improving the security posture of your business. The Lightning Scan includes five free targets.
- Can I upgrade my subscription plan?
Yes, you can adjust your plan in the Probely interface or contact us directly.
- Is there an Enterprise version of Probely?
Yes, Probely+ is our enterprise version. Read more.
- What payment methods do you accept?
We accept credit card payments (Visa, MasterCard, Maestro, American Express, Diners Club) and annual invoices for the Premium Plan.