– Patronus API –

Web Application Security Scanner

Integrate web application security testing directly into your development pipeline. Configure the API to your specific needs. Get fast results in JSON format.

Overview

Included Features

Attack Vectors

Full Vector Support for XSS, SQLi, OSCI, LFI, RFI

Crawler

Modern HTML and JavaScript Crawler

CI/CD Pipeline

Easy integration into development pipeline

Web User Interface

Manage your projects and reports

Quick Start

The scanner comes preconfigured, so you can get started in minutes

Reports

Export vulnerability reports in JSON & HTML format

Created for Developers

Web Application Security Scanner

The following vulnerabilities can be detected by our security scan (GET and POST HTTP methods are supported):

  • XSS (Cross-Site Scripting) injection
  • SQL Injection (Database Injection)
  • OSCI (Operating system command injection)
  • File disclosure (LFI, RFI, …)
  • Payloads use path traversal and null-termination techniques
  • Known Vulnerability Detection (Exploit Check and Software Detection)
  • TLS / SSL Security Check
  • HTTP Security Header Analysis
  • Check for Subresource Integrity Hashes

HTML & JavaScript Crawler

Crawl Any Type of Web App

  • We are able to crawl and test every modern web application including HTML5 and Single Page Applications that are rendered client-side.
  • Does your application need a login?
    Simply configure some credentials, point us to the login page and we will also check behind that wall.

Made for Your Development Lifecycle

CI/CD Pipeline Integration

  • Use our API to easily integrate the web application security scanner into any deployment pipeline (GitLab, Jenkins, CircleCI, …).
  • Fast integration via Docker, binary or API calls.
  • A running scan can be aborted.
  • The vulnerability scanner can be executed at any time, for example after each commit in the configured pipeline.
  • Depending on your configuration the pipeline will fail if any issue is found.

Test Your Web Application

It’s 100% free to start

Create your account today and start testing your web applications within minutes.

Web App Security Testing

Start Testing within Minutes

  • The web application security scanner provides a default configuration so almost no initial settings are necessary.
  • Many aspects of the security scan are customizable via API.
  • Manually mark issues as false positives to ignore them in future runs.
  • To start the first security scan:
    1. Create a new project with a start-URL.
    2. Verify ownership of your website.
    3. Start your first security scan.

Starting Point

Web User Interface

  • Create projects for different domains.
  • Start an already configured test run within the WUI.
  • Further configuration can be done through the API.
  • Download the vulnerability scan report in HTML format.

Choose your favored report style

Vulnerability Reports

  • Extensive vulnerability reports are produced after every security scan. You can download the summary as an HTML report directly in the WUI.
  • Get the results in JSON format directly in your favored development environment.
  • The summary report includes an explanation of the corresponding vulnerability and recommendations on how to fix it.

Test Your Web Application

Ready to get started?

Create your free test account now and try the security scanner for yourself. If you want to know more – get in touch with us!