
Probely
Dynamic application security testing (DAST) software
Vulnerability scanner software
Website security software
DevSecOps software
Web security software
Small
Medium
Large
- Education and training
- Transportation and logistics
- Banking and insurance
What is Probely
Probely is a dynamic application security testing (DAST) platform that scans web applications and APIs to identify common security vulnerabilities. It is used by security and engineering teams to run scheduled or CI/CD-triggered scans across development and production environments. The product emphasizes authenticated scanning, API coverage, and workflow integrations to support DevSecOps processes. It is typically deployed as a SaaS service with options to integrate into existing development pipelines.
CI/CD and DevSecOps integrations
Probely provides automation-oriented features that fit into build and release workflows, including API access and pipeline-friendly execution. This supports recurring scans without requiring manual setup each time. Integrations help route findings into existing engineering tools for triage and remediation. This approach aligns with teams that want DAST as part of continuous delivery rather than periodic testing.
Authenticated scanning support
Probely supports scanning behind login to test areas of an application that are not reachable by unauthenticated crawlers. This is important for business applications where most functionality requires user sessions. Authenticated coverage can improve the relevance of findings compared with purely public-surface scans. It also helps teams validate security controls across role-based areas when configured appropriately.
Web and API testing focus
Probely targets both traditional web application endpoints and API surfaces, which are common sources of modern application risk. API scanning capabilities help teams test endpoints that may not be fully discoverable through browser crawling alone. This is useful for organizations with microservices or mobile-backed APIs. The combined coverage reduces the need to run separate tools for basic web and API DAST use cases.
DAST limits for business logic
As a DAST tool, Probely primarily detects classes of vulnerabilities that are observable through HTTP interactions and known test patterns. It is less effective for business-logic flaws, authorization design issues, and complex multi-step abuse cases without significant manual tuning. Teams often need complementary approaches (e.g., code review, SAST, or human-led testing) for deeper assurance. This is a general limitation of automated DAST rather than a product-specific defect.
Scan tuning and false positives
DAST results can require tuning to reduce noise, especially on large applications with custom error handling, WAF behavior, or non-standard authentication flows. Initial setup may involve configuring login, session handling, and scope controls to avoid incomplete coverage. Some findings may still require validation by security engineers before remediation work begins. This can add operational overhead for teams new to automated DAST.
Coverage depends on crawlability
Dynamic scanners rely on the ability to discover and exercise application routes, which can be constrained by single-page applications, complex client-side logic, or strict rate limiting. If the crawler cannot reach key states or endpoints, vulnerability coverage can be incomplete. Teams may need to provide seed URLs, API definitions, or additional configuration to improve reach. This makes results sensitive to application architecture and environment constraints.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Free | $0 per month (Free Forever) | Web and API scanning; Fully-featured API; Up to 3 users; Partial & incremental scans; Standard reports; 5 free scan hours/month; Usage-based only. |
| Enterprise | Contact sales (Custom pricing) | Best for organizations with 5+ targets; Example: 5 targets with unlimited scans; Asset discovery; Unlimited users; Custom roles & permissions; Agent to scan internal targets; Integrations (Slack, Jira, others); Custom scanning profiles; Pause & resume scans; Teams & quotas; Single Sign-On (SSO); Compliance reports; Dedicated account manager; Priority support. |