Probely

Simple-to-use automated web app vulnerability scanner with full-featured API

Probely
(Image: © Probely)

TechRadar Verdict

Probely won’t only help you detect vulnerabilities but will also give you detailed directions on how to fix them. It’s a solid choice for those who value developer-friendliness and superb customer support – and it won’t cost you dearly to boot.

Pros

  • +

    Developer-friendly and full API access

  • +

    Third-party integrations

  • +

    Simple enough to use

  • +

    Solid customer support

Cons

  • -

    Bare bones free edition

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

Shielded by one of the best cloud-based, API-first, web security scanners you can confront all sorts of web-based threats without dealing a deadly blow to your budget – yes, we’re talking about Probely.

Created in 2016, Probely was built from scratch to empower developers and security teams working together to rid themselves of various cybersecurity risks. It covers over 30,000 vulnerabilities detection capabilities (including SQLi, XSS, Log4j, OS shell injection, and SSL/TLS issues) and reports only relevant vulnerabilities while staying low on false positives and providing in-depth guidelines on how to fix them.

Headquartered in Lisbon (Portugal), Probely was created by a team of six skilled web professionals with backgrounds in web development, auditing, and securing large-scale, complex, and mission-critical projects. In their words, Probely’s main mission is to shape the future where “security is accessible, scalable, and affordable”.  

Probely’s official site looks up-to-date and feels convenient to use – it also features a blog where you'll find more than a few helpful tips and tricks.

If you’re into social networking sites, you can follow Probely on Facebook, Twitter, LinkedIn, and GitHub.

Probely

(Image credit: Probely)

Plans and pricing

With Probely you can choose between a fermium edition, three pre-built paid plans (named “Starter”, “Pro”, and “Premium”), and one customizable plan aimed at enterprises and businesses with over 15 targets.

With the free plan, you’ll get the possibility to improve your security posture with a so-called lightning scan (which covers security headers, cookie flags, and transport layer security), API access, and vulnerability management tools.

The plan called “Starter” starts at €39 ($39.70) per month, “Pro” (which is ranked as the most popular for SMBs) at €69 ($70.20) per month, and “Premium” starts at €399 ($405.90) for each month if billed annually. Some plans are also available on a monthly billing but, beware, the cost will spike up significantly.

All paid plans come with a 14-day free trial, so give them a try before buying anything.

Probely

(Image credit: Probely)

Features and functionality

Probely is an automated web vulnerability scanner, which means it will scan your web apps and APIs for vulnerabilities and new threats and give you pointers on how to straighten each of these and strengthen your security at the same time. Plus, all these vulnerabilities are automatically ranked based on the severity, so you can set your priorities straight. 

Also, since pretty much everything in Probely runs automatically, all you need to do is configure your scans in the settings section and set a schedule on a daily, weekly, or monthly basis.

Probely’s capabilities can be customized for different developers and security teams to fit their needs. Also, since this is a developer-centric solution, it’s made to match any technologies you’re already using – you can integrate Probely with third-party apps (such as Slack, Jenkins, and Jira) via full-featured API. For instance, you can get Probely to send you the results of your scans to your Slack channel.

Since Probely’s approach to development is API-first, if you want to add any additional features to the user interface (UI), you’ll have to add them to API first – and every functionality in Probely app’s UI can be accessed via API. 

Needless to say, you’ll need a bit of API know-how to do any of this – fortunately, there are plenty of how-tos in Probely’s help center.

Interface and ease of use

To kick things off with Probely, go to the “Pricing” section, pick out the plan you want to try out, and tap into “Get Started”. You’ll be asked to answer a couple of quick questions (such as the number of apps/APIs you’ll be scanning) and fill in a form with your personal information (full name, e-mail address, country, and so on).  

After this, you’ll get two e-mails, one for setting up your password and the other with step-by-step instructions on how to use Probely, which is a nice little touch. So, go through the guide and then go ahead to Probely’s dashboard.

The dashboards itself is simple, clear, and straightforward to use allowing you to start adding targets and scanning them in a matter of seconds. Once an issue is fixed and cleared from the issue tracker, Probely will automatically run a re-test to make sure the vulnerability is rightly fixed – and if it isn’t, the issue will return to the tracker.

With an enterprise edition, you’ll also be able to manage users and set roles, pre-designed or custom ones alike. Plus, since all features are available through API, you can integrate Probely into your other enterprise-level security systems without a hitch.

Probely

(Image credit: Probely)

Customer support

One of Probely’s major selling points is its particularly personalized and pretty competent customer support you can reach via live chat. However, you’re also welcome to contact Probely’s team through ticket form or via social media sites they’re using.

If you're a do-it-yourself type of person, you’ll probably want to check Probely’s help center where you’ll find plenty of simple-to-understand guides backed by suitable screenshots. While you can choose one of the pre-selected categories (like “Quick how-tos”, “Getting started”, “Scanner”, and so on), it’s simpler to look for a solution by utilizing the search box.

Competition

Crashtest Security is a SaaS-based web security scanner popular for penetration testing and it’s geared towards development teams – also, it’s a solid alternative to Probely. It doesn’t feature a fermium edition (unlike Probely) but does turn out to be richer in terms of features. 

Another noteworthy alternative to Probely, and virtually to all vulnerability scanners out there, is Nessus. Both solutions are solid - high on features and low on false positives, and they provide free editions of their products. However, while you can purchase Nessus’s scanner with a one-time payment it’s still pretty pricey in comparison with Probely.  

While Probely is one of the simpler scanners to understand and use, if it still isn’t simple enough for you – check Sucuri Sitecheck – it’s as simple as they get and it’s also free to boot. However, it might be a bit too simple for most users.

Probely

(Image credit: Probely)

Final verdict

Probely is a rock-solid API-first web app vulnerability scanner aimed at developers, DevOps, SaaS companies, and cybersecurity teams. Some of its main advantages include API-powered automation, comprehensive scanning capabilities, and low false positives. However, its fermium edition is so severely limited some people may think it isn’t worth their time.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.