Frequently asked questions
Practical answers about coverage, performance, and how VulnProScan fits into a modern AppSec program.
VulnProScan tests across 12 security domains: information gathering and attack surface mapping, configuration and deployment issues, authentication weaknesses, authorization and access control (including IDOR), session management and CSRF, core web vulnerabilities (SQL injection, XSS, open redirect), sensitive data exposure, security headers and browser protections, TLS and transport security, API security, client-side security, and business logic flaws. Coverage varies by scan mode; see the Coverage page for a full breakdown.
A public scan tests the application surface reachable without credentials — covering security headers, TLS, injection points on public forms, and surface-level misconfiguration. An authenticated scan logs into the application using credentials you provide and tests protected areas, unlocking coverage for authorization flaws, IDOR, session weaknesses, authenticated API endpoints, and business logic issues that are invisible to an anonymous scanner.
VulnProScan runs dynamic application security testing (DAST) against the URL you provide — crawling links, forms, and API endpoints, then exercising discovered attack surface across 12 OWASP-aligned categories. Public scans cover external exposure; authenticated scans go deeper into protected application areas.
VulnProScan tests for SQL injection (including error-based, blind, and time-based variants), reflected and stored cross-site scripting (XSS), DOM-based XSS through dangerous sinks, open redirect vulnerabilities, path traversal, and command injection patterns. All discovered parameters and form inputs are exercised during active testing.
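To make the evidence rules behind these checks concrete, here is a small set of detection functions in Python. This is an added illustration written for this page, not VulnProScan's engine; the error signatures, the canary string and the 80% timing threshold are assumptions chosen for the example, and the response bodies and headers in the comments and tests are constructed.

```python
import re
from urllib.parse import urlsplit

# Illustrative subset of database error text that an error-based SQLi probe
# (for example a lone quote) tends to surface. A real engine carries far more.
SQL_ERROR_SIGNATURES = [
    re.compile(r"You have an error in your SQL syntax", re.I),               # MySQL/MariaDB
    re.compile(r"PostgreSQL.*?ERROR|pg_query\(\)", re.I),                     # PostgreSQL
    re.compile(r"Unclosed quotation mark after the character string", re.I),  # MSSQL
    re.compile(r"\bORA-\d{5}\b"),                                             # Oracle
    re.compile(r"sqlite3\.OperationalError|SQLite3::SQLException", re.I),     # SQLite
]

# Canary carrying the characters an HTML context must encode; the random-looking
# tag name keeps it from matching legitimate page content. (Assumed value.)
XSS_CANARY = "<vps9f3x\"'>"


def detect_sql_error(body: str):
    """Error-based SQLi evidence: return the matched DB error string, or None."""
    for sig in SQL_ERROR_SIGNATURES:
        m = sig.search(body)
        if m:
            return m.group(0)
    return None


def detect_reflected_xss(body: str, canary: str = XSS_CANARY) -> bool:
    """Reflected XSS evidence: the canary comes back byte-for-byte, i.e. unencoded.
    An escaped echo (&lt;vps9f3x&quot;&#39;&gt;) is correct behaviour, not a finding."""
    return canary in body


def detect_time_based_sqli(baseline_ms: float, probe_ms, delay_s: int, repeats: int = 3) -> bool:
    """Time-based blind SQLi evidence: every repeat of a SLEEP(delay_s) probe must run
    at least ~delay_s longer than the baseline. One slow response is just latency."""
    threshold = baseline_ms + delay_s * 1000 * 0.8
    return len(probe_ms) >= repeats and all(t >= threshold for t in probe_ms)


def detect_open_redirect(attacker_url: str, status: int, headers: dict) -> bool:
    """Open redirect evidence: a 3xx whose Location resolves to the host we injected.
    Covers absolute and protocol-relative (//host) forms; a same-site Location that
    merely carries our URL in its query string is not a redirect to us."""
    if not 300 <= status < 400:
        return False
    location = headers.get("Location", headers.get("location", ""))
    target = urlsplit(location).hostname
    return target is not None and target.lower() == urlsplit(attacker_url).hostname.lower()
```

The time-based check deliberately requires the delay to reproduce on every repeat; a scanner that reports on a single slow response produces exactly the kind of false positive a noisy backend generates.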
Yes. Security header checks include Content-Security-Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options (clickjacking protection), Referrer-Policy, and Permissions-Policy. TLS checks cover deprecated protocol support (TLS 1.0/1.1), weak cipher suites, mixed HTTP/HTTPS content, and HSTS preload configuration.
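The header checks listed above reduce to a handful of parsing rules, shown here as an added Python example (not VulnProScan's own code). The finding strings, the one-year HSTS threshold and the decision to treat a nonce or hash as neutralising 'unsafe-inline' are assumptions of this example; the header sets in the comments and tests are constructed.

```python
from typing import Dict, List

ONE_YEAR = 31536000  # hstspreload.org minimum max-age


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source tokens]}, lower-cased."""
    out: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return one finding string per weakness in a single HTTPS response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []

    # CSP: script-src (or its default-src fallback) is what matters for XSS.
    csp_raw = h.get("content-security-policy")
    csp = parse_csp(csp_raw) if csp_raw is not None else {}
    if csp_raw is None:
        findings.append("CSP missing")
    else:
        script = csp.get("script-src", csp.get("default-src"))
        if script is None:
            findings.append("CSP sets neither script-src nor default-src")
        else:
            # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash is present.
            nonce_or_hash = any(t.startswith("'nonce-") or t.startswith("'sha") for t in script)
            if "'unsafe-inline'" in script and not nonce_or_hash:
                findings.append("CSP script-src allows 'unsafe-inline' without nonce/hash")
            if any(t in ("*", "http:", "https:", "data:") for t in script):
                findings.append("CSP script-src allows wildcard or scheme-wide sources")

    # HSTS: max-age first, then includeSubDomains (preload additionally needs 'preload').
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        directives = [d.strip().lower() for d in hsts.split(";")]
        max_age = None
        for d in directives:
            if d.startswith("max-age="):
                v = d[len("max-age="):].strip('"')
                max_age = int(v) if v.isdigit() else None
        if max_age is None:
            findings.append("HSTS max-age missing or malformed")
        elif max_age < ONE_YEAR:
            findings.append("HSTS max-age below one year (preload requires >= 31536000)")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")

    # Clickjacking: CSP frame-ancestors supersedes X-Frame-Options when present.
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no clickjacking protection (X-Frame-Options / CSP frame-ancestors)")

    # Referrer-Policy: comma-separated fallback list, last recognised value wins.
    policies = [p.strip() for p in h.get("referrer-policy", "").lower().split(",") if p.strip()]
    if not policies:
        findings.append("Referrer-Policy missing")
    elif policies[-1] in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append(f"Referrer-Policy '{policies[-1]}' sends the full URL to cross-origin HTTPS destinations")

    if "permissions-policy" not in h:
        findings.append("Permissions-Policy missing")
    return findings
```

Two details trip up hand-rolled checkers: the obsolete ALLOW-FROM value of X-Frame-Options is ignored by current browsers and should not count as protection, and a CSP that carries frame-ancestors makes X-Frame-Options irrelevant, so its absence is not a finding in that case.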
API testing covers unauthenticated endpoints returning sensitive data, GraphQL introspection enabled in production, verbose API error responses that leak internal details, missing rate limiting on API routes, and CORS misconfigurations that allow arbitrary origins.
Findings are organized by severity (Critical, High, Medium, Low, Informational), security category, asset/host, endpoint, scan mode (authenticated or public scan), and status (Open, In Review, Resolved). The dashboard shows trend data across scan runs and a categorized findings table with remediation context for each issue.
Use a full URL including the scheme, for example https://app.example.com. Avoid wildcards; scope is the host and path you submit. Staging environments are ideal for first runs before scanning production.
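The scope rule above ("host and path you submit, no wildcards") has edge cases worth spelling out: a path prefix must be segment-aware, `..` segments must be resolved before comparison, default ports must compare equal to explicit ones, and a userinfo trick like `https://app.example.com@attacker.example/` must fall out of scope. The following Python is an added example of one way to implement the rule; it is not VulnProScan's scope logic, and the requirement that the scheme match exactly is an assumption of the example.

```python
import posixpath
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}


def parse_scope(scope: str):
    """Validate the submitted target and return (scheme, host, port, path-prefix)."""
    p = urlsplit(scope)
    if p.scheme not in DEFAULT_PORT or not p.hostname:
        raise ValueError("scope must be a full URL with scheme and host, e.g. https://app.example.com")
    if "*" in scope:
        raise ValueError("wildcards are not supported; submit the exact host")
    prefix = posixpath.normpath(p.path or "/")
    # A bare host (or a trailing "/") means the whole site: empty prefix.
    return p.scheme, p.hostname.lower(), p.port or DEFAULT_PORT[p.scheme], "" if prefix == "/" else prefix


def in_scope(url: str, scope: str) -> bool:
    """True when `url` is on the same scheme/host/port and under the scope path.
    The path test is segment-aware (/app covers /app/x but not /application) and
    runs after normalisation (/app/../admin resolves to /admin before the check).
    urlsplit().hostname already discards any user:pass@ prefix, so the
    https://app.example.com@attacker.example/ trick resolves to attacker.example."""
    scheme, host, port, prefix = parse_scope(scope)
    u = urlsplit(url)
    if u.scheme != scheme or (u.hostname or "").lower() != host:
        return False
    if (u.port or DEFAULT_PORT.get(u.scheme)) != port:
        return False
    path = posixpath.normpath(u.path or "/")
    return prefix == "" or path == prefix or path.startswith(prefix + "/")
```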
Runtime depends on application size, number of discovered endpoints, authentication flows, and backend latency. Small apps may finish in a few minutes; larger properties can take longer. The UI shows elapsed time and partial summaries when scans approach time limits.
Reports include severity classification, affected endpoint, security category, evidence of the finding, scan mode context (authenticated vs public), and remediation guidance. Full reports on paid plans include the complete finding list with endpoint-level evidence; trial scans show a masked summary.
Enterprise customers work with VulnProScan on data processing agreements, subprocessors, and evidence packs. VulnProScan outputs support control testing for vulnerability management controls but are not a substitute for a full compliance audit.
Repository analysis, secret detection, and dependency risk scoring are on the roadmap for Pro and Enterprise. Dynamic application scanning remains the core product on all tiers.
Starter is billed monthly. Pro supports additional seats, higher limits, and authenticated scanning capacity. Enterprise is contracted annually with optional professional services.
Automated scanners can flag behavior that is benign in context. Use severity filters, retest after fixes, and tune scope. Enterprise adds workflow states so AppSec can mark accepted risk with rationale.
Trial runs the same scan, but the product only shows a coarse “how much was found” message and a single anonymized sample line—no full titles, URLs, per-severity counts, or full finding list. That keeps the trial useful without giving away the entire report. Membership unlocks full reports on every scan; a one-time purchase unlocks the complete output for that scan after checkout.
After a scan, high-value findings can open a guided wizard: OWASP-aligned templates (e.g. injection, XSS, misconfiguration) with ordered steps (triage, implement controls, validate). When no template matches the finding exactly, the flow can enrich the steps with AI-assisted guidance (where enabled). You can mark items fixed, run a targeted rescan to confirm the issue is gone, and keep an audit-friendly status history in the dashboard on supported plans.
Yes, on Pro and Enterprise you can connect Slack (incoming webhook) and Jira Cloud (API token + project key) so high-severity findings create tickets or channel posts—with deduplication so the same vulnerability hash does not spam your backlog. Configure credentials in product settings; use per-scan toggles where available. Other trackers can be added via webhook or API on Enterprise engagements.
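The deduplication mentioned above hinges on what goes into the "vulnerability hash". Hashing the full URL and payload makes every rescan open a new ticket, because record IDs and canaries change; hashing only the route, method, parameter and category keeps one ticket per real issue. The Python below is an added example of such a fingerprint, not VulnProScan's hashing scheme; the key layout, the identifier patterns and the sample findings are assumptions constructed for the example.

```python
import hashlib
import re
from typing import Iterable, List, Set
from urllib.parse import urlsplit

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
NUM_RE = re.compile(r"/\d+(?=/|$)")


def normalize_path(path: str) -> str:
    """Collapse record identifiers so /users/42 and /users/43 map to one route."""
    path = UUID_RE.sub("{uuid}", path)
    return NUM_RE.sub("/{id}", path)


def finding_fingerprint(category: str, method: str, url: str, parameter: str) -> str:
    """Stable hash of WHERE a vulnerability is, not of the payload that proved it.
    Query-string values, fragments and the scan's canary never enter the key."""
    p = urlsplit(url)
    key = "|".join([
        category.strip().lower(),
        method.upper(),
        (p.hostname or "").lower(),
        normalize_path(p.path or "/"),
        parameter.strip().lower(),
    ])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def new_findings(run: Iterable[dict], seen: Set[str]) -> List[dict]:
    """Return only findings whose fingerprint has not been pushed before; updates `seen`.
    Each finding is a dict with category, method, url and parameter keys (assumed shape)."""
    fresh = []
    for f in run:
        fp = finding_fingerprint(f["category"], f["method"], f["url"], f["parameter"])
        if fp not in seen:
            seen.add(fp)
            fresh.append({**f, "fingerprint": fp})
    return fresh
```

The trade-off is worth stating: collapsing IDs means a flaw that exists only on `/users/42` and not on `/users/43` still shares a ticket, which is almost always what a triage team wants, since the fix lives in the route handler rather than in the record.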
Still stuck?
Visit Troubleshooting or email support@vulnproscan.com.