Advanced
- Scan Web Apps and APIs
- OWASP Top 10 Scans
- Integrate with your CI/CD pipeline via webhook
- PDF Vulnerability Reports
- 3 Team Members
- 2 Parallel Scans
Professional
- All Features in Advanced
- VulnSign Security API Access
- Privilege Escalation Testing
- PDF and XML Vulnerability Reports
- 10 Team Members
- 5 Parallel Scans
- Premium Support
Enterprise
- All Features in Professional
- Testing of Internal Web Apps
- Software Whitelabeling
- Pay via Invoice
- Whitelabel Reports
- Unlimited Team Members
- Premium Support & Custom SLA
Compare plans
Detailed Overview of our features and subscription packages
General Features
Number of scans per month per target
The number of team members that can be part of the team.
Scans for the OWASP Top 10 vulnerabilities.
Links to our security wiki in the user interface and the report. Includes general descriptions, code snippets for fixing, and videos.
We provide regular updates and new features to our scanners and the user interface.
Verify scan targets for invasive scanning by placing a file on your system or by returning a specific API response to a GET request.
The number of scans that can be started per month per project.
Assign specific roles and rights to users.
Verify scan targets for invasive scanning through our support.
Enables adjusting the scan requests per second.
Single-tenant hosting in our cloud and on-premise or virtual private cloud hosting.
Customizes the look and feel of our software and report.
Scan Targets
An application that consists of multiple individual pages. This is typically the case if you have an HTML, JSP, etc., per page displayed in your browser.
An application that is based on JavaScript. This is typically the case if the application is based on or uses frameworks like Angular, React, Vue, jQuery, or similar.
An application programming interface (API) that is documented in a Swagger / OpenAPI version 2 file. Usually, the documentation is stored in a swagger.json file, which the scanner can import.
Authentication
Log in to your application via BasicAuth or with user credentials (user/password).
Log in to your application by defining keys and values for Cookies, HTTP Headers, or GET parameters.
Advanced authentication methods, such as smartcard or single sign-on (SSO) solutions, or other ways of authenticating users.
Scheduling / Automation
Create a scan schedule for your project to start scans daily or weekly.
Enables our webhook functionality, which can be generated for each project.
Allows the user to run multiple scans simultaneously in one account for different projects.
Get all API functionality, which includes setting up and deleting projects, retrieving scan results and status, and starting/stopping scans.
We can support the customer in writing their integrations for self-developed tools requiring specific reports or interactions.
Reporting and Notifications
Get our detailed PDF reporting with a high-level scan summary, detailed scan findings, general and specific descriptions of the found attack vectors, and remediation support.
The user can be notified about the scan status and results via Telegram.
Get our machine-readable reports in PDF, JSON or XML format.
Support and Billing
Get recommendations on how to get the most out of our software.
Allows paying per invoice for all annual contracts.
We guarantee a support response within 2 business days after receiving the request.
We provide additional support and coaching via workshops or during events.
Define the Service Level Agreements (SLAs) you need so that you always have the proper support for your security needs.