Probely WebApp and API Vulnerability Scanner

Developer-friendly automated Web Application and API vulnerability scanner Starting at ~$0.164/hour.

Probely Dashboard with risk trend, average time to fix, sites needing attention, and top vulns Target with findings sorted by order of risk How to fix a specific vuln with an SQLi in PHP API-First Dev Risk Severity
Find your vulnerabilities

We scan your Web Applications or APIs and are able to detect over 30,000 vulnerabilities. We’re constantly adding new checks, too. We look for classes of vulnerabilities so we can handle your custom-built software, but also find well-known vulnerabilities. Vulnerabilities are ranked by severity and include a tailored how-to fix as well as a history log, so you can keep track of them.

Get how to fix guidance

Each vulnerability includes a description, evidence of it, and helpful code or configuration snippets that you can use to fix it. We detect the technologies you use and tailor the instructions to your case. You won’t need to through a wall of text to find the fix you need.

Secure your APIs

Our API vulnerability scanner is able to detect large amounts of potential vulnerabilities allowing you to actively run security testing as part of your API development process, no matter how you operate.

If you have a Single-Page Application (SPA) that makes XMLHttpRequests (XHR) to an API, we will seamlessly follow those requests and scan the API endpoints. If instead, you want to scan standalone APIs, you can do so via providing OpenAPI/Swagger schema files or Postman Collections.

Focus only on real threats

We report only the security vulnerabilities that matter, with a near-zero false positive rate of 0.06%, ensuring that detected vulnerabilities are a real threat and need to be addressed. No unnecessary noise so you don’t waste time checking or trying to fix what you don’t need. If a finding is unexploitable, we don’t report it.

Integrate and Automate with your stack

You can seamlessly integrate Probely with your tools by using our addons or integrate with anything through our full-featured, easy to use, and well-documented API. Our add-ons include tools such as ArmorCode, Azure DevOps (Boards), CircleCI, DefectDojo, Jenkins, Jira, JupiterOne, ShortCut, and Slack.

Automate with the API

Our web app is powered by our API, meaning anything that can be done using the web app can also be done directly via the API. Use it to integrate our tests with your CI/CD pipeline, issue tracker or Slack (for instance).

Fulfill security compliance requirements

Get an easy and effective way to comply with the requirements related to application security testing of PCI-DSS, SOC2, HIPAA, ISO27001, GDPR, and other local-specific privacy acts standards using a series of detailed requirement reports that can be used as evidence to showcase your compliance

Detects Log4j, Log4Shell, CVE-2021-44228

Scans for the Log4j / Log4Shell / CVE-2021-44228 vulnerability.

Region Availability

The available application locations for this add-on are shown below, and depend on whether the application is deployed to a Common Runtime region or Private Space. Learn More

  • Common Runtime
  • Private Spaces
Region Available
United States Available
Europe Available
Region Available Installable in Space
Dublin Available
Frankfurt Available
London Available
Montreal Available
Mumbai Available
Oregon Available
Singapore Available
Sydney Available
Tokyo Available
Virginia Available

Plans & Pricing

Need a larger plan? Let our customer success team help! Learn more.
    • Custom headers
    • Custom cookies
    • Scanning Profiles
    • Schedule scans
    • Standalone API Scanning
    • API scanning based on OpenAPI schema
    • API scanning based on Postman Collection
    • Skip target validation
    • Slack Integration
    • Jira Integration
    • Access to Probely's API
    • Plugins for CI tools
    • Scan results reports
    • Compliance reports
    • Coverage report
    • Login (authenticated scanning)
    • Basic authentication
    • Seeds list (forced list of URLs to scan)
    • Reject list (exclude URLs from scanning)
    • More than 5000 vulnerability checks
    • Lightning Scan
    • Full scan Unlimited
    • Extra hosts in the scope
    • Fingerprinting
    • Scanning modules
    • Reducing false-positives
    • Report false-positives and invalid vulnerabilities
    • Vulnerability Manager
    • Tailored how-to fix
    • Re-test vulnerability
    • CVSS rating
    • Azure Boards Integration
    • Fixed source IP
    • Scans for Log4j / Log4Shell / CVE-2021-44228
    • Custom headers
    • Custom cookies
    • Scanning Profiles
    • Schedule scans
    • Standalone API Scanning
    • API scanning based on OpenAPI schema
    • API scanning based on Postman Collection
    • Skip target validation
    • Slack Integration
    • Jira Integration
    • Access to Probely's API
    • Plugins for CI tools
    • Scan results reports
    • Compliance reports
    • Coverage report
    • Login (authenticated scanning)
    • Basic authentication
    • Seeds list (forced list of URLs to scan)
    • Reject list (exclude URLs from scanning)
    • More than 5000 vulnerability checks
    • Lightning Scan
    • Full scan Unlimited
    • Extra hosts in the scope
    • Fingerprinting
    • Scanning modules
    • Reducing false-positives
    • Report false-positives and invalid vulnerabilities
    • Vulnerability Manager
    • Tailored how-to fix
    • Re-test vulnerability
    • CVSS rating
    • Azure Boards Integration
    • Fixed source IP
    • Scans for Log4j / Log4Shell / CVE-2021-44228
Install Probely WebApp and API Vulnerability Scanner
heroku addons:create probely

To provision, copy the snippet into your CLI or use the install button above.

Probely WebApp and API Vulnerability Scanner Documentation