Overview
Probely is a new-gen DAAST (Dynamic API and Application Security Testing) platform that scans and exposes vulnerabilities and provides an evidence-based report of all findings, with detailed instructions on how to fix them. It is like adding a virtual security specialist to your team who helps you find vulnerabilities fast and teaches you how to fix them.
API and WebApp Vulnerability Scanning - Scan rich web applications, Single-Page Apps, and APIs, including microservices and standalone APIs that are based on the OpenAPI (Swagger) specification or a Postman Collection. REST, SOAP, and GraphQL API scanning are supported. SPAs that make XMLHttpRequests (XHR) to an API are seamlessly followed through those requests so that all the respective API endpoints are scanned.
Detection of over 30,000 vulnerabilities - New checks are added constantly. Probely also caters for custom-built software, because it looks for classes of vulnerabilities as well as well-known vulnerabilities.
Next-Generation Spider - Probely's revolutionary spider, based on Headless-Chrome, crawls and indexes your rich, interactive JavaScript apps and sophisticated Single-Page Applications with ease.
Developer-Friendly, Evidence-Based Reporting, and Fix Guidance - Each vulnerability includes a description, its evidence, and helpful code or configuration snippets that you can use to fix it. Probely detects the technologies that are used and tailors the instructions to the specific case. No need to go through a wall of text to find the relevant fix.
Vulnerability Ranking and Logging - Vulnerabilities are ranked by severity and include a tailored how-to fix as well as a history log, so you can keep track of them.
Lowest False Positive Rate in the Industry - We report only the security vulnerabilities that matter, with a near-zero false positive rate of 0.1%, ensuring that detected vulnerabilities are a real threat and need to be addressed. No unnecessary noise so you don't waste time checking or trying to fix what you don't need. If a finding is unexploitable, we don't report it.
CI/CD Integration - Fully automate your web application and API security testing by integrating Probely into your CI/CD pipelines and enjoy two-way sync with your preferred issue-tracking platform. You can also seamlessly integrate Probely with your tools of choice by using our add-ons or integrate with anything through our full-featured, easy to use, and well-documented API. Probely's add-ons include tools such as ArmorCode, Azure DevOps (Boards), CircleCI, DefectDojo, Jenkins, Jira, JupiterOne, ShortCut, and Slack.
API-First Development - Our web app is powered by our API, meaning that anything that can be done using the web app can also be done directly via the API - and features are usually available first through the API. Use it to integrate Probely's tests with your CI/CD pipeline, issue tracker or Slack (for instance).
Compliance Requirements Fulfillment - Probely provides an easy and effective way to comply with the AppSec testing requirements of PCI-DSS, SOC2, HIPAA, ISO27001, GDPR, and other local privacy acts and standards, using a series of detailed requirement reports that can be used as evidence to showcase your compliance.
Highlights
- The Lowest False Positive Rate - Industry-leading accuracy on findings, with little to no noise so you can focus only on the real threats. Probely also accurately detects over 30,000 vulnerabilities and provides detailed evidence-based reports on the findings, with relevant fixes.
- Powerful and Customizable - Scanning configurations, scheduled scanning, partial scanning, scanning behind firewalls, blackout periods, and custom scanning profiles. Authenticated scans through SSO, OpenID Connect, and 2FA, as well as support for re-authentication if the session is lost.
- Modern API Scanning - Probely's API Scanner detects a large number of potential vulnerabilities, allowing your team to actively run security testing as part of their API development process. Supports REST, SOAP, and GraphQL APIs described by an OpenAPI (Swagger) spec or Postman Collections. Built for CI/CD pipelines and the DevSecOps approach, Probely is especially suited for automation at scale, with out-of-the-box integrations or through our API, so you can integrate with everything.
Pricing
Dimension | Description | Cost/month |
---|---|---|
Pro | Great for performing frequent security testing and SDLC integration | $118.00 |
Enterprise | For organizations with 5+ targets that value efficiency and flexibility | $665.00 |
Vendor refund policy
Unless otherwise stipulated by us, the use of the paid Service is dependent on the up-front payment of the Fee established on our pricing page. The Fee is determined in accordance with the number of sites to be scanned and the subscription term, which may be monthly or annual, and/or the number and duration of scans (credits). Payment obligations are non-cancelable, fees paid are non-refundable, and quantities purchased cannot be decreased during the relevant subscription term.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Probely supports its customers during business hours, from 8:00 am to 7:00 pm (GMT in wintertime; GMT+1 in summertime) on business days.
Business Days are from Monday through Friday, except for Bank Holidays in Portugal.
Customers may use the Chat on the bottom right of Probely's site to contact support.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Great vulnerability scanner for our web applications.
My go-to API and DAST vulnerability scanner
When done by a tech-savvy person, implementation is quite easy and smooth
By integrating into our CI/CD pipelines, it helps to fully automate our web application and API security testing. This enhances the security of our systems
By scanning web applications and APIs, it allows us to manage the lifecycle of vulnerabilities that have been found.
Helps to fix the identified vulnerabilities by providing guidance on how to fix them. This makes it easy for the team of developers and engineers fixing the issues found.
It easily integrates with CI/CD tools, Slack and Jira
Provides you with unlimited scans
It helps the user get compliant as well security reports
It only provides a single scan so you cannot conduct concurrent scans
Scanning large files or app takes so much time
Its vulnerability scanning is top notch as it found some vulnerabilities that had overstayed in our system without being noticed
Vulnerability scans provide us with reports on ways to fix it which makes it easy for our team of engineers to fix the issues effectively and promptly
Development team best tool scanner
Provides reports and insights that help future app development.
Secure web applications and APIs access.