Shielded by one of the best cloud-based, API-first web security scanners, you can tackle all kinds of web-based threats without dealing a deadly blow to your budget – yes, we’re talking about Probely.
Founded in 2016, Probely was built from scratch to enable developers and security teams to work together to rid themselves of various cybersecurity threats. It can detect more than 30,000 vulnerabilities (including SQLi, XSS, Log4j, OS shell injection, and SSL/TLS vulnerabilities) and reports only relevant ones, with few false positives and in-depth guidance on how to fix them.
Probely, headquartered in Lisbon (Portugal), was founded by a team of six skilled web professionals with backgrounds in web development, auditing and securing large-scale, complex and mission-critical projects. In their words, Probely’s main mission is to shape the future where “safety is accessible, scalable and affordable”.
Probely’s official site looks up-to-date and feels convenient to use – there’s also a blog where you’ll find more than a few helpful tips and tricks.
If you like social networking sites, you can follow Probely on Facebook, Twitter, LinkedIn, and GitHub.
Subscriptions and prices
With Probely, you can choose between a freemium edition, three pre-built paid plans (named “Starter”, “Pro” and “Premium”) and a customizable plan aimed at enterprises and businesses with more than 15 targets.
With the free plan, you get the opportunity to improve your security posture with a so-called lightning scan (which includes security headers, cookie flags, and transport layer security), API access, and vulnerability management tools.
The subscription called “Starter” starts at €39 ($39.70) per month, “Pro” (which is most popular for SMBs) at €69 ($70.20) per month and “Premium” at €399 ($405.90) per month if billed annually. Some plans are also available for monthly billing, but beware, the costs will increase significantly.
All paid plans come with a 14-day free trial, so try them before you buy.
Features and functionality
Probely is an automated web vulnerability scanner, meaning it scans your web apps and APIs for vulnerabilities and new threats and gives you guidance on how to fix each of them while strengthening your security. Plus, all of these vulnerabilities are automatically ranked by severity so you can prioritize which to fix first.
Since almost everything in Probely runs automatically, all you need to do is configure your scans in the Settings section and set a schedule on a daily, weekly or monthly basis.
Probely’s capabilities can be tailored to different developers and security teams to meet their needs. Being a developer-focused solution, it’s also built to fit with all the technologies you already use – you can integrate Probely with third-party apps (such as Slack, Jenkins, and Jira) via a full-featured API. For example, you can ask Probely to send the results of your scans to your Slack channel.
Because Probely’s approach to development is API-first, any feature added to the user interface (UI) is added to the API first, so all functionality in the Probely app’s user interface can also be accessed via the API.
Needless to say, you’ll need a bit of API knowledge to do this – thankfully, there are plenty of how-tos in Probely’s help center.
Interface and ease of use
To get started with Probely, go to the ‘Pricing’ section, choose the plan you want to try out and tap ‘Get Started’. You will be asked to answer a few short questions (such as how many apps/APIs you are going to scan) and fill out a form with your personal information (full name, email address, country, etc.).
After this, you will receive two emails, one for setting your password and the other with step-by-step instructions on how to use Probely, which is a nice perk. So, go through the guide and then move on to the Probely dashboard.
The dashboards themselves are simple and straightforward to use, allowing you to add and scan targets in seconds. Once a problem has been fixed and removed from the problem tracker, Probely will automatically run another test to make sure the vulnerability has been properly fixed – and if not, the problem will return to the tracker.
An enterprise edition also allows you to manage users and set up roles, both pre-designed and custom. And since all features are available via API, you can seamlessly integrate Probely into your other enterprise-level security systems.
One of the main selling points of Probely is the very personal and quite competent customer support that you can reach via live chat. However, you can also contact the Probely team through the ticket form or through any social media sites they use.
If you’re a do-it-yourselfer, you’ll probably want to check out Probely’s help center, where you’ll find plenty of easy-to-understand guides, supported by appropriate screenshots. While you can choose one of the pre-selected categories (such as “Quick Instructions”, “Getting Started”, “Scanner”, and so on), it’s easier to find a solution by using the search box.
Crash test protection is a SaaS-based web security scanner popular for penetration testing and aimed at development teams – it’s also a solid alternative to Probely. It does not have a freemium edition (unlike Probely) but turns out to be richer in features.
Another notable alternative to Probely and pretty much all vulnerability scanners out there is Nessus. Both solutions are solid – lots of features and few false positives, and they offer free editions of their products. While you can buy Nessus’s scanner with a one-time payment, it’s still quite pricey compared to Probely.
While Probely is one of the easier scanners to understand and use, if it’s still not easy enough for you, check out Sucuri SiteCheck – it’s as simple as they get and it’s also free to start with. However, it might be a bit too simple for most users.
Probely is a rock-solid API-first vulnerability scanner for web apps, targeting developers, DevOps, SaaS companies and cybersecurity teams. Some of the key benefits include API-powered automation, extensive scanning capabilities, and low false positives. However, the freemium edition is so limited that some people think it’s not worth their time.