What is RATA Web Application Vulnerability Scanner?
Reliable Attack Testing Automation (RATA) Web Application Vulnerability Scanner is the industry’s first
Artificial Intelligence, Cloud and Human Hacker powered automated web vulnerability scanner.
RATA Web is a SaaS-based vulnerability scanner for websites and requires no security expertise, hardware
or software installation. With just a few clicks you can launch scans for vulnerabilities and get a
report on the findings that includes recommendations for potential solutions.
Your DevOps team is making frequent changes and releasing new code across staging and production
environments. Using BreachLock’s RATA Web scanner you can launch a quick scan and check for 8000+
vulnerabilities with a few clicks.
You get clear and actionable reports in online, PDF and CSV format. Our clear guidance on patching the
vulnerabilities will help your DevOps team put the required fixes in place. This ensures that you have
an automated Ethical Hacker plugged into your DevOps pipeline.
BreachLock Packages - Web Application Scan
On this page you can find answers to Frequently Asked Questions. Contact us if you need more information.
Scanning and Compliance
8000+ Vulnerabilities Checked
Malware Infection Monitoring
CMS Security Checks
OWASP Top 10 Checks
Dedicated API Security Scan
Add-on Network scanning
Chrome Plugin to record login sequence
AI based False Positive Validation
BreachLock Online Trustmark
SOC 2, ISO 27001, HIPAA Compliant
Quarterly PCI ASV Scan
Trello, Slack, JIRA integration
Customized API Integration
Online Support from Experts
Detailed Remediation Advice
Webinar Based Training
E-learning for DevOps
Dedicated Project Manager
Architecture & Scale
Number of Users
Number of Scans
Scanning Profile Management
Supported Report formats
Proof of Concept of each finding
Simple web sites, Online Stores, WordPress, other CMS, and simple web applications looking for
compliance and security.
SaaS offerings and Web Applications that require Manual Testing for PCI, HIPAA, SOC2, ISO 27001
compliance or need Independent Pen Testing.
Automate Your Web Security Scanning
Your DevOps team is making frequent changes and adding new code across staging and production environments.
Using BreachLock’s RATA Web scanner you can launch a quick scan and check for 8000+ vulnerabilities with
a few clicks. You get clear and actionable reports in online, PDF and CSV format. Our clear guidance on
patching the vulnerabilities will help your DevOps team put the required fixes in place.
This ensures that you have an automated Ethical Hacker plugged into your DevOps pipeline.
Run On-Demand and scheduled scans
With the BreachLock SaaS interface you can choose to run a live scan with a few clicks or schedule a
scan to run at a specific time.
When the scan concludes you can browse through the vulnerabilities online or download reports in PDF and
Configure your scanning profile
You have complete control over a choice of intrusive vs non-intrusive plugins to make sure the scans are
You can also add specific URLs or web locations that are blocked for the scanning engine to crawl or
Run Authenticated Scans
You can perform deep security checks on your web applications with the RATA web scanner. This includes
scanning behind login areas.
You get an option to add basic authentication parameters or record a login sequence using our
Chrome-based plugin that mimics your login actions while you browse your web application.
Scan single page applications
RATA Web scanner provides in-depth coverage for scanning single page applications (SPA) and modern web
You can quickly identify any security misconfiguration or vulnerabilities that harm your security
Run API security scanning
RATA Web scanner has a dedicated API Scanner that can detect vulnerabilities in any API, including
web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs.
These scans directly address security concerns for your API functionality.
False Positive proof scanning
RATA Web scanner validates each finding for its accuracy using our AI-enabled vulnerability validation
This ensures that only findings that have a solid proof of concept are included. You also have the
ability to submit any finding for a false positive validation.
Integrate with DevOps pipeline
Shift your security left with powerful security scans and tests against your most vulnerable services.
BreachLock SaaS platform can directly integrate with JIRA, Jenkins, Slack and Trello.
Get vulnerability scanning integrated directly into your CI/CD tooling and workflow with our native
Retest your patches with a click
You don’t have to wait to launch a complete scan to test if your patch is deployed correctly. With RATA
Web scanner it is possible to launch a retest on one or more findings and get a status update on the patch
status of the finding.
The retest functionality can be activated with a single click from our SaaS interface.
Besides providing you with extensive webinar-based training,
we also offer an online ticketing system built into our SaaS platform. Using this system, you can create
one or more tickets related to scanner functionality, request to investigate a particular finding or
seek remediation recommendations for more complex issues.
Sending in data at the boundary of allowed values or in direct opposition of the
values may cause your system to display unwanted information. This scan sends
requests through to see if your API can be breached
This scan injects random text as Web Applications or API requests to provoke
errors, but buffer overflows, stack traces, or string vulnerabilities.
This scan sends an unexpected data format in the request so you can validate
Web Applications or API can gracefully handle input of the wrong data type.
Malicious attachments can take several forms and have multiple purposes - for
we add and/or replace attachments to the request with invalid or large
seek out vulnerabilities in the server or the code
Our SQL injection test can send malicious SQL statements to your Web
in an effort to access and weaken your databases
Sensitive data exposure vulnerabilities can occur when an application does not
adequately protect sensitive information from being disclosed to attackers
Sensitive Data exposure
The XML bomb sends an extremely large XML file to your Web Applications or API
effort to create a stack overflow.
This scan injects unexpected Web Applications or XML content and/or structures
API request in an attempt to disrupt its behavior
Remote file inclusion (RFI) and Local file inclusion (LFI) is an attack
vulnerabilities in web applications that dynamically reference external and
Application functions related to authentication and session management are often not
implemented correctly, allowing attackers to compromise passwords, keys or
Broken Authentication & Session Management
Source code disclosure attacks allow a malicious user to obtain the source code
Source Code Disclosure
Security misconfiguration can happen at any level of an application stack,
network services, platform, web server and application server
This test checks to make sure your Web Applications or API doesn't expose the
uses by displaying the in messages and URLs.
This scan will insert malformed XML snippets into the Web Applications or API request
effort to expose sensitive information or potentially crash a vulnerable server.