Red Teaming as a Service gives you the full view that your adversaries have of security environment
Unmatched PCI DSS expertise coupled with end to end coverage for Penetration Testing and ASV Scanning
A comprehensive solution for all your HIPAA Penetration Testing and Vulnerability Scanning needs
Reliable Attack Testing Automation (RATA) Web Application Vulnerability Scanner is the industry’s first Artificial Intelligence, Cloud and Human Hacker powered automated web vulnerability scanner.
RATA Web is a SaaS based vulnerability scanner for websites and requires no security expertise, hardware or software installation. With just a few clicks you can launch scans for vulnerabilities and get a report on the findings that includes recommendations for potential solutions.
Your DevOps team is making frequent changes and realizing new code across staging and production environments. Using BreachLock’s RATA Web scanner you can launch a quick scan and check for 8000+ vulnerabilities with a few clicks.
You get clear and actionable reports in online, PDF and CSV format. Our clear guidance on patching the vulnerabilities will help your DevOps team put the required fixes in place. This ensures that you have an automated Ethical Hacker plugged into your DevOps pipeline.
On this page you can find answers to Frequently Asked Questions. Contact us if you need more information.
8000+ Vulnerabilities Checked
Malware Infection Monitoring
CMS Security Checks
OWASP Top 10 Checks
Dedicated API Security Scan
Scan Scheduling
Authenticated Scans
Add-on Network scanning
Chrome Plugin to record login sequence
AI based False Positive Validation
BreachLock Online Trustmark
SOC 2 , ISO 27001, HIPAA Compliant
Quarterly PCI ASV Scan
Trello, Slack, JIRA integration
Jenkins Plugin
Customized API Integration
Online Support from Experts
Detailed Remediation Advise
Webinar Based Training
E-learning for DevOps
Dedicated Project Manager
Testing Type
Number of Users
Number of Scans
Validation
Scanning Profile Management
Cloud Connectors
Supported Report formats
Proof of Concept of each finding
Simple web sites, Online Stores, WordPress, other CMS, and simple web applications looking for compliance and security.
Automated Scan
Up to 2 User Accounts
Scheduled Monthly Assessments
Unlimited Automated Retests
PDF, Excel, HTML
SaaS, Web Applications that allow users to login. Ecommerce Websites with custom workflows looking for compliance and security.
Automated Scan
Up to 6 User Accounts
Unlimited On Demands Scan
Unlimited Automated Retests
PDF, Excel, HTML
SaaS offerings and Web Applications that require Manual Testing for PCI, HIPAA, SOC2, ISO 27001 compliance or need Independent Pen Testing.
Human Hacker Assisted
Unlimited User
Unlimited On Demands Scan
Manually Validated Findings
PDF, Excel, HTML
Simple web sites, Online Stores, WordPress, other CMS, and simple web applications looking for compliance and security.
SaaS, Web Applications that allow users to login. Ecommerce Websites with custom workflows looking for compliance and security.
SaaS offerings and Web Applications that require Manual Testing for PCI, HIPAA, SOC2, ISO 27001 compliance or need Independent Pen Testing.
8000+ Vulnerabilities Checked
Malware Infection Monitoring
CMS Security Checks
OWASP Top 10 Checks
Dedicated API Security Scan
Scan Scheduling
Authenticated Scans
Add-on Network scanning
Chrome Plugin to record login sequence
AI based False Positive Validation
BreachLock Online Trustmark
SOC 2 , ISO 27001, HIPAA Compliant
Quarterly PCI ASV Scan
Trello, Slack, JIRA integration
Jenkins Plugin
Customized API Integration
Online Support from Experts
Detailed Remediation Advise
Webinar Based Training
E-learning for DevOps
Dedicated Project Manager
Testing Type
Automated Scan
Automated Scan
Human Hacker Assisted
Number of Users
Up to 2 User Accounts
Up to 6 User Accounts
Unlimited Users
Number of Scans
Scheduled Monthly Assessments
Unlimited On-Demand Scans
Unlimited On-Demand Scans
Validation
Unlimited Automated Retests
Unlimited Automated Retests
Manually Validated Findings
Scanning Profile Management
Cloud Connectors
Supported Report formats
PDF, Excel, HTML
PDF, Excel, HTML
PDF, Excel, HTML
Proof of Concept of each finding
8000+ Vulnerabilities Checked
Malware Infection Monitoring
CMS Security Checks
OWASP Top 10 Checks
Dedicated API Security Scan
Scan Scheduling
Authenticated Scans
Add-on Network scanning
Chrome Plugin to record login sequence
AI based False Positive Validation
BreachLock Online Trustmark
SOC 2 , ISO 27001, HIPAA Compliant
Quarterly PCI ASV Scan
Trello, Slack, JIRA integration
Jenkins Plugin
Customized API Integration
Online Support from Experts
Detailed Remediation Advise
Webinar Based Training
E-learning for DevOps
Dedicated Project Manager
Testing Type
Automated Scan
Automated Scan
Human Hacker Assisted
Number of Users
Up to 2 User Accounts
Up to 6 User Accounts
Unlimited Users
Number of Scans
Scheduled Monthly Assessments
Unlimited On-Demand Scans
Unlimited On-Demand Scans
Validation
Unlimited Automated Retests
Unlimited Automated Retests
Manually Validated Findings
Scanning Profile Management
Cloud Connectors
Supported Report formats
PDF, Excel, HTML
PDF, Excel, HTML
PDF, Excel, HTML
Cloud Connectors
Simple web sites, Online Stores, WordPress, other CMS, and simple web applications looking for compliance and security.
SaaS, Web Applications that allow users to login. Ecommerce Websites with custom workflows looking for compliance and security.
SaaS offerings and Web Applications that require Manual Testing for PCI, HIPAA, SOC2, ISO 27001 compliance or need Independent Pen Testing.
Your DevOps team is making frequent changes and adding new code across staging and production environments.
Using BreachLock’s RATA Web scanner you can launch a quick scan and check for 8000+ vulnerabilities with a few clicks. You get clear and actionable reports in online, PDF and CSV format. Our clear guidance on patching the vulnerabilities will help your DevOps team put the required fixes in place. This ensures that you have an automated Ethical Hacker plugged into your DevOps pipeline.
With the BreachLock SaaS interface you can choose to run a live scan with a few clicks or schedule a scan to run at a specific time.
When the scan concludes you can browse through the vulnerabilities online or download reports in PDF and CSV format.
You have complete control over a choice of intrusive vs non-intrusive plugins to make sure the scans are production safe.
You can also add specific URLs or web locations that are blocked for the scanning engine to crawl or scan.
You can perform deep security checks on your web applications with the RATA web scanner. This includes scanning behind login areas.
You get an option to add basic authentication parameters or record a login sequence using our chrome-based plugin that mimics your login actions while your browse your web application.
RATA Web scanner provides in-depth coverage for scanning single page applications (SPA) and modern web applications that depend heavily on multiple level JavaScript interactions.
You can quickly identify any security misconfiguration or vulnerabilities that harm your security posture.
RATA Web scanner has a dedicated API Scanner that can detect vulnerabilities in any API, including web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs.
These scans directly address security concerns for your API functionality.
RATA Web scanner validates each finding for its accuracy using our AI-enabled vulnerability validation engine.
This ensures that only findings that have a solid proof of concept are included. You also have the ability to submit any finding for a false positive validation.
Shift your security left with powerful security scans and tests against your most vulnerable services. BreachLock SaaS platform can directly integrate with JIRA, Jenkins, Slack and Trello.
Get vulnerability scanning integrated directly into your CI/CD tooling and workflow with our native integration options.
You don’t have to wait to launch a complete scan to test if your patch is deployed correctly. With RATA Web scanner it is possible to launch a rest on one or more findings and get a status update on the patch status of the finding.
The retest functionality can be activated with a single click from our SaaS interface.
we also offer an online ticketing system built into our SaaS platform. Using this system, you can create one or more tickets related to scanner functionality, request to investigate a particular finding or seek remediation recommendations for more complex issues.
Get a Quote
Sending in data at the boundary of allowed values or in direct opposition of the allowed values may cause your system to display unwanted information. This scan sends those request throught to see if your API can be breached
This scan injects random text as Web Applications or API requests to provoke unknown errors, but buffer overflows, stack traces, or string vulnerabilities.
This scan sends an unexpected data format in the request so you can validate that the Web Applications or API can gracefully handle input of the wrong data type.
Malicious attachments can take several forms and have multiple purposes - for our scan, we add and/or replace attachments to the request with invalid or large attachments to seek out vulnerabilities in the server or the code
Our SQL injection test can send malicious SQL statements to your Web Applications or API in an effort to access and weaken your databases
Sensitive data exposure vulnerabilities can occur when an application does not adequately protect sensitive information from being disclosed to attackers
The XML bomb sends an extremely large XML file to your Web Applications or API in an effort to create a stack overflow.
This scan inject unexpected Web Applications or XML content and/or structures into the API request in an attempt to disrupt its behavior
Remote file inclusion (RFI) and Local file inclusion (LFI) is an attack targeting vulnerabilities in web applications that dynamically reference external and internal scripts
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys or session tokens.
Source code disclosure attacks allow a malicious user to obtain the source code of a server-side application
Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server and application server
This test checks to make sure your Web Applications or API doesn't expose the parameters it uses by displaying the in messages and URLs.
This scan will inser malfored XML snippets into the Web Applications or API request in an effort to expose sensitive information or potentially crash a vulnerable server.