What is Probely?
Probely scans your Web Applications to find vulnerabilities or security issues, and provides guidance on how to fix them, having Developers in mind.
Probely not only features a sleek and intuitive interface, but also follows an API-First development approach, providing all features through an API. This allows Probely to be integrated into Continuous Integration pipelines in order to automate security testing.
Probely covers OWASP TOP10 and much more, and can be used to check specific PCI-DSS, ISO27001, HIPAA and GDPR requirements.
This is what makes Probely different
Relevant Findings
At Probely we value your time. We know how frustrating it is to be asked to fix irrelevant findings that are marked as high-risk vulnerabilities. So, instead of focusing on the numbers and reporting issues that aren’t relevant to your business, we do our best to report only what matters and false-positive free.
For certain types of vulnerabilities, Probely provides Evidence-Based Reporting, meaning that it will extract and present an evidence to prove that a vulnerability is real.
Developer Centric
Developers love Probely because we pay attention to the little things, the details.
Besides making it easy for developers to automate their security testing process, we provide tailored instructions on how to fix vulnerabilities based on the technology being used on the site.
Turn DevOps into DevSecOps
Probely follows an API-First Development approach. All new features are first available on the API and then on the Web App.
This enables you to easily integrate Probely with your existing CI/CD Tools and have automatic security testing as part of your Software Development Life-Cycle (SDLC).
Core features
-
Integrations
Probely integrates with popular tools such as Slack and JIRA
-
API
Anything that can be done using the Web App can also be done directly via the API
-
Team members
Onboard your team and assign vulnerabilities to team members
-
Multi Environment testing
Scan your production environment with non-intrusive scans, and your testing with intrusive and complete scans
-
Compliance Reports
Archive PDF reports periodically as an evidence that you are serious about Security
-
Next Generation Spider
Probely’s spider was developed from scratch to navigate rich Javascript apps, just like a normal browser
Full Features
| Free | Starter | Pro | Premium | |
|---|---|---|---|---|
| Configuration | ||||
|
Customize Headers
Control which headers are used by the scanner |
||||
|
Customize Cookies
Control which cookies are used by the scanner |
||||
|
Scanning Profile
Choose one of our scanning profiles based on how intrusively you would like Probely to be while scanning your website |
||||
|
Schedule Scans
Schedule scans, or configure recurring scans on daily, weekly or monthly basis |
Only weekly and monthly |
|||
|
Fixed IPs
We use fixed IPs for all of our tests |
||||
|
Skip Target Validation
Skip Target validation for your domain when adding a new target (upon request) |
||||
|
Whitelisting
Add paths of your target for Probely to access and scan |
||||
| Integrations | ||||
|
Slack
Get notifications on Slack for scan start, finish, vulnerabilties found, etc |
||||
|
Jira
Sync findings with Jira |
||||
|
API
Use our full-featured API |
||||
|
Plugins for CI tools
Install a Probely plugin in your CI tool (Jenkins, Circle CI) |
||||
| Reports | ||||
|
Scan results report
Download a PDF report with the scan results |
||||
|
Compliance report
Download a PCI-DSS or OWASP TOP10 compliance PDF report |
||||
|
Coverage Report
Download a CSV file with the coverage of the scan (scanned endpoints) |
||||
| Authentication | ||||
|
Login Form
Let Probely authenticate on your website via Login Form, so it can scan your website as a logged in user |
||||
|
Basic Authentication
Let Probely authenticate on your website using basic authentication |
||||
|
Customize Cookies
Customize cookies to be used for authentication |
||||
|
Customize Headers
Customize headers to be used for authentication |
||||
| Teams and Collaboration | ||||
|
Team Members
Add unlimited number of users to your team |
||||
|
Assign vulnerabilities to a member
Assign a vulnerability to a certain team member to let them know that they are in charge of fixing it |
||||
| Scanner | ||||
|
Lightining scans
Run a quick 1 minute scan on your website for vulnerabilities related to Security Headers, Cookie flags and TLS |
||||
|
Full Scans
Scan your entire app for over 1000 vulnerabilities |
Only once per week |
|||
|
Extra hosts in the scope
Add extra-hosts for Single-Page Apps (SPA) or apps that call APIs |
||||
|
Fingerprinting
Our advanced fingerprinting recognizes popular web application and optimizes tests based on the technology used |
||||
|
Scanning Modules
We run specific modules to target a specific Web Application |
||||
|
Reducing False positives
Probely safely exploits some findings to confirm the vulnerability |
||||
|
Report false positives and invalid vulnerabilites
Probely will not report that vulnerability again and team will directly look into your case |
||||
| Targets | ||||
|
Multiple Enviroment Targets
Scan your production enviroment with non-intrusive tests, and your testing enviroment with intrusive and complete scans |
||||
|
Pool of targets
Have a pool of multiple targets under one account |
||||
|
Switch targets
Add and delete targets as long as you don't exceed the pool size of targets. |
||||
|
Archiving targets Add-On
Archive targets so that you can add new ones (on request). You will not lose history logs and data of the archived targets |
||||
| Payment | ||||
|
Payment by Credit Card
Fast payment by a Credit Card |
||||
|
Payment by Invoice
For annual contracts |
||||