An automated Web Vulnerability Scanner built for DevOps

What is RATA Web Application Vulnerability Scanner?

Reliable Attack Testing Automation (RATA) Web Application Vulnerability Scanner is the industry’s first Artificial Intelligence, Cloud and Human Hacker powered automated web vulnerability scanner.

RATA Web is a SaaS-based vulnerability scanner for websites and requires no security expertise, hardware or software installation. With just a few clicks you can launch scans for vulnerabilities and get a report on the findings that includes recommendations for potential solutions.

Your DevOps team is making frequent changes and adding new code across staging and production environments. Using BreachLock’s RATA Web scanner you can launch a quick scan and check for 8000+ vulnerabilities with a few clicks.

You get clear and actionable reports in online, PDF and CSV format. Our clear guidance on patching the vulnerabilities will help your DevOps team put the required fixes in place. This ensures that you have an automated Ethical Hacker plugged into your DevOps pipeline.

BreachLock Packages - Web Application Scan

On this page you can find answers to Frequently Asked Questions. Contact us if you need more information.

| Feature | STANDARD | REGULAR | ENTERPRISE |
| --- | --- | --- | --- |
| Suitable for | Simple web sites, Online Stores, WordPress, other CMS, and simple web applications looking for compliance and security. | SaaS, Web Applications that allow users to log in. Ecommerce Websites with custom workflows looking for compliance and security. | SaaS offerings and Web Applications that require Manual Testing for PCI, HIPAA, SOC2, ISO 27001 compliance or need Independent Pen Testing. |
| Testing Type | Automated Scan | Automated Scan | Human Hacker Assisted |
| Number of Users | Up to 2 User Accounts | Up to 6 User Accounts | Unlimited Users |
| Number of Scans | Scheduled Monthly Assessments | Unlimited On-Demand Scans | Unlimited On-Demand Scans |
| Validation | Unlimited Automated Retests | Unlimited Automated Retests | Manually Validated Findings |
| Supported Report formats | PDF, Excel, HTML | PDF, Excel, HTML | PDF, Excel, HTML |

Scanning and Compliance

- 8000+ Vulnerabilities Checked
- Malware Infection Monitoring
- CMS Security Checks
- OWASP Top 10 Checks
- Dedicated API Security Scan
- Scan Scheduling
- Authenticated Scans
- Add-on Network scanning
- Chrome Plugin to record login sequence
- AI based False Positive Validation
- BreachLock Online Trustmark
- SOC 2, ISO 27001, HIPAA Compliant
- Quarterly PCI ASV Scan

Integration

- Trello, Slack, JIRA integration
- Jenkins Plugin
- Customized API Integration

Support

- Online Support from Experts
- Detailed Remediation Advice
- Webinar Based Training
- E-learning for DevOps
- Dedicated Project Manager

Architecture & Scale

- Scanning Profile Management
- Cloud Connectors

Reporting

- Proof of Concept of each finding

Customized Plans for your enterprise needs.

Automate Your Web Security Scanning

Run On-Demand and scheduled scans

With the BreachLock SaaS interface you can choose to run a live scan with a few clicks or schedule a scan to run at a specific time.

When the scan concludes you can browse through the vulnerabilities online or download reports in PDF and CSV format.

Configure your scanning profile

You have complete control over a choice of intrusive vs non-intrusive plugins to make sure the scans are production safe.

You can also specify URLs or web locations that the scanning engine is blocked from crawling or scanning.

Run Authenticated Scans

You can perform deep security checks on your web applications with the RATA web scanner. This includes scanning behind login areas.

You get an option to add basic authentication parameters or record a login sequence using our Chrome-based plugin that mimics your login actions while you browse your web application.

Scan single page applications

RATA Web scanner provides in-depth coverage for scanning single page applications (SPA) and modern web applications that depend heavily on multi-level JavaScript interactions.

You can quickly identify any security misconfiguration or vulnerabilities that harm your security posture.

Run API security scanning

RATA Web scanner has a dedicated API Scanner that can detect vulnerabilities in any API, including web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs.

These scans directly address security concerns for your API functionality.

False Positive proof scanning

RATA Web scanner validates each finding for its accuracy using our AI-enabled vulnerability validation engine.

This ensures that only findings that have a solid proof of concept are included. You also have the ability to submit any finding for a false positive validation.

Integrate with DevOps pipeline

Shift your security left with powerful security scans and tests against your most vulnerable services. The BreachLock SaaS platform can directly integrate with JIRA, Jenkins, Slack and Trello.

Get vulnerability scanning integrated directly into your CI/CD tooling and workflow with our native integration options.

Retest your patches with a click

You don’t have to wait to launch a complete scan to test if your patch is deployed correctly. With RATA Web scanner it is possible to launch a retest on one or more findings and get a status update on the patch status of the finding.

The retest functionality can be activated with a single click from our SaaS interface.

Besides providing you with extensive webinar-based training, we also offer an online ticketing system built into our SaaS platform. Using this system, you can create one or more tickets related to scanner functionality, request to investigate a particular finding or seek remediation recommendations for more complex issues.


Types of Vulnerabilities checked

Boundary scan

Sending in data at the boundary of allowed values or in direct opposition to the allowed values may cause your system to display unwanted information. This scan sends those requests through to see if your API can be breached.

Fuzzing scan

This scan injects random text as Web Applications or API requests to provoke unknown errors, buffer overflows, stack traces, or string vulnerabilities.

Invalid Types

This scan sends an unexpected data format in the request so you can validate that the Web Applications or API can gracefully handle input of the wrong data type.

Malicious Attachment

Malicious attachments can take several forms and have multiple purposes. For our scan, we add and/or replace attachments to the request with invalid or large attachments to seek out vulnerabilities in the server or the code.

SQL Injection

Our SQL injection test can send malicious SQL statements to your Web Applications or API in an effort to access and weaken your databases.

Sensitive Data Exposure

Sensitive data exposure vulnerabilities can occur when an application does not adequately protect sensitive information from being disclosed to attackers.

XML Bomb

The XML bomb sends an extremely large XML file to your Web Applications or API in an effort to create a stack overflow.

XML Injection

This scan injects unexpected Web Applications or XML content and/or structures into the API request in an attempt to disrupt its behavior.

RFI/LFI

Remote file inclusion (RFI) and Local file inclusion (LFI) are attacks targeting vulnerabilities in web applications that dynamically reference external and internal scripts.

Broken Authentication & Session Management

Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys or session tokens.

Source Code Disclosure

Source code disclosure attacks allow a malicious user to obtain the source code of a server-side application.

Security Misconfiguration

Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server and application server.

Cross-Site Scripting

This test checks to make sure your Web Applications or API doesn't expose the parameters it uses by displaying them in messages and URLs.

Malformed XML

This scan will insert malformed XML snippets into the Web Applications or API request in an effort to expose sensitive information or potentially crash a vulnerable server.

Learn more about BreachLock. Read our FAQ Page.