Listing Thumbnail

    Probely

     Info
    Sold by: Probely 
    Probely's dynamic API and web application vulnerability scanner checks for and exposes vulnerabilities, while providing a report of the findings with detailed instructions on how to fix them. Developer-friendly and automated, built for security and dev teams to work together seamlessly. No more unnecessary noise: focus only on real threats, with Probely's industry-leading rate of false positives.

    Overview

    Probely is a new-gen DAAST (Dynamic API and Application Security Testing) platform that scans and exposes vulnerabilities, and provides an evidence-based report of all findings, with detailed instructions on how to fix them. Like adding a virtual security specialist to your team, that helps you find vulnerabilities fast and teaches you how to fix them.

    API and WebApp Vulnerability Scanning - Scan rich web applications, Single-Page Apps, and APIs, including microservices and standalone APIs that are based on the OpenAPI (Swagger) specification or Postman Collection. Support for REST, SOAP, and GraphQL API scanning. SPAs that make XMLHttpRequests (XHR) to an API, will be seamlessly followed through those requests to scan all respective API endpoints.

    Detection of over 30,000 vulnerabilities - With new checks being added constantly. Catered also for custom-built software, as Probely looks for classes of vulnerabilities, but also find well-known vulnerabilities.

    Next-Generation Spider - Probely's revolutionary spider, based on Headless-Chrome, crawls and indexes your rich, interactive JavaScript apps and sophisticated Single-Page Applications with ease.

    Developer-Friendly, Evidence-Based Reporting, and Fix Guidance - Each vulnerability includes a description, its evidence, and helpful code or configuration snippets that you can use to fix it. Probely detects the technologies that are used and tailor the instructions to the specific case. No need to go through a wall of text to find the relevant fix.

    Vulnerability Ranking and Logging - Vulnerabilities are ranked by severity and include a tailored how-to fix as well as a history log, so you can keep track of them.

    Lowest False Positive Rate in the Industry - We report only the security vulnerabilities that matter, with a near-zero false positive rate of 0.1%, ensuring that detected vulnerabilities are a real threat and need to be addressed. No unnecessary noise so you don't waste time checking or trying to fix what you don't need. If a finding is unexploitable, we don't report it.

    CI/CD Integration - Fully automate your web application and API security testing by integrating Probely into your CI/CD pipelines and enjoy two-way sync with your preferred issue-tracking platform. You can also seamlessly integrate Probely with your tools of choice by using our add-ons or integrate with anything through our full-featured, easy to use, and well-documented API. Probely's add-ons include tools such as ArmorCode, Azure DevOps (Boards), CircleCI, DefectDojo, Jenkins, Jira, JupiterOne, ShortCut, and Slack.

    API-First Development - Our web app is powered by our API, meaning that anything that can be done using the web app can also be done directly via the API - and features are usually available first through the API. Use it to integrate Probely's tests with your CI/CD pipeline, issue tracker or Slack (for instance).

    Compliance Requirements Fulfillment - Probely provides an easy and effective way to comply with the requirements related to AppSec testing of PCI-DSS, SOC2, HIPAA, ISO27001, GDPR, and other local-specific privacy acts standards using a series of detailed requirement reports that can be used as evidence to showcase your compliance.

    Highlights

    • The Lowest False Positive Rate - Industry-leading accuracy on findings, with little to no noise so you can focus only on the real threats. Probely also accurately detects over 30,000 vulnerabilities, with detailed evidence-based reports on the findings, with relevant fixes.
    • Powerful and Customizable - Scanning configurations, scheduled scanning, partial scanning, scanning behind firewalls, blackout periods, and custom scanning profiles. Authenticated scans through SSO, OpenID Connect, and 2FA, as well as support for re-authentication if the session is lost.
    • Modern API Scanning - Probely's API Scanner detects large amounts of potential vulnerabilities allowing your team to actively run security testing as part of their API development process. Supports REST, SOAP, and GraphQL APIs - OpenAPI (Swagger) spec or PostMan Collections. Built for CI/CD pipelines and the DevSecOps approach, Probely's especially suited for automation at scale with out-of-the-box integrations or through our API, so you can integrate with everything.

    Details

    Sold by

    Delivery method

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    1-month contract (1)

     Info
    Dimension
    Description
    Cost/month
    Enterprise
    For organizations with 5+ targets that value efficiency and flexibility
    $665.00

    Vendor refund policy

    Unless otherwise stipulated by us, the use of the paid Service is dependent on the up-front payment of the Fee established on our pricing page. The Fee is determined in accordance with the number of sites to be scanned and the subscription term, which may be monthly or annual, and/or the number and duration of scans (credits). Payment obligations are non-cancelable, fees paid are non-refundable, and quantities purchased cannot be decreased during the relevant subscription term.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    Probely supports their customers during business hours, from 8:00 am - 7:00 pm (GMT in wintertime; GMT+1 in summertime) on business days.

    Business Days are from Monday through Friday, except for Bank Holidays in Portugal.

    Customers may use the Chat on the bottom right of Probely's site to contact support.

    support@probely.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    |
    19 external reviews
    External reviews are sourced from G2  and are not included in the star rating for this product.
    Franca T.

    Great vulnerability scanner for our web applications.

    Reviewed on Mar 08, 2024
    Review provided by G2
    What do you like best about the product?
    Safety from SQL injections through our access to external applications using API's and web applications.
    What do you dislike about the product?
    Poor documentation makes it hard to train new users.
    What problems is the product solving and how is that benefiting you?
    This application provides a great layer of security in our organization through protecting our infrastructure from attacks through our website and API's
    Valentina G.

    My to go API and DAST vulnerability scanner

    Reviewed on Mar 08, 2024
    Review provided by G2
    What do you like best about the product?
    It is very easy to use since it has a user friendly interface with customized cookies and headers
    When done by a tech savvy person, implemetation is quite easy and smooth
    By integrating into our CI/CD pipelines, it helps to fully automate our web application and API security testing. This enhances the security of our systems
    By scanning web applications and API, it allows us manage lifecycle of vulnerabilities that have been found.
    Helps to fix the identified vulnerabilities by providing guidance on how to fix them. This makes it easy for team of developers and engineers fixing the issues found.
    It easily integrates with CI/CD tools, Slack and Jira
    Provides you with unlimited scans
    It helps the user get compliant as well security reports
    What do you dislike about the product?
    It is way much pricey for any sized firm to afford
    It only provides a single scan so you cannot conduct concurrent scans
    Scanning large files or app takes so much time
    What problems is the product solving and how is that benefiting you?
    Helped with DAST which other apps were not effective at
    Its vulnerability scanning is top notch as it found some vulnerabilities that had overstayed in our system without being noticed
    Vulnerability scans provide us with reports on ways to fix it which makes it easy for our team of engineers to fix the issues effectively and promptly
    odbor k.

    Development team best tool scanner

    Reviewed on Mar 06, 2024
    Review provided by G2
    What do you like best about the product?
    Helps the development team in building secure apps through scanning for vulnerabilities before going live.
    Provides reports and insights that help future app development.
    Secure web applications and API's access.
    What do you dislike about the product?
    I find access not to be fully secure due to poor definition of users and password policy
    What problems is the product solving and how is that benefiting you?
    Cost saving by preventing data loss from unsecure applications
    John D.

    Web url and API vulnerability scanner on another level

    Reviewed on Feb 29, 2024
    Review provided by G2
    What do you like best about the product?
    Provides reports on zero day exploit on web url ,API's and SQL injections that would harm our applications that are accesed over web preventing further losses from attacks.
    What do you dislike about the product?
    Working fine and have found no shortcomings for the moment.
    What problems is the product solving and how is that benefiting you?
    Protects our company website from APT's that would cause a negative flow of business continuity due to downtimes.
    Farhan A.

    The best software to easily adjust the profile scan and easily add scan targets

    Reviewed on Feb 28, 2024
    Review provided by G2
    What do you like best about the product?
    The implementation was fast and it was easy to configure. It can take a subnet or a range for scanning in one go and gives a full report including the URL when scanning a web application.
    What do you dislike about the product?
    Nothing really to dislike. The vulnerability is scanner is totally accurate.
    What problems is the product solving and how is that benefiting you?
    It's type of scans bring us complete results when we carry out an analysis of the network. This helps identify known vulnerabilities, malware, patches, etc.
    View all reviews