CONTINUOUS EXPOSURE MANAGEMENT · DAST · SBOM

Security testing for modern web, API, and software supply chains.

See what is exposed. Know what is in your software. Operate evidence your auditor accepts. One platform for external and internal DAST, SBOM, SCA, and a CI/CD gate your pipeline already understands.

START FREE TRIAL See the platform
PROTOCOL COVERAGE
REST · OpenAPI · GraphQL · SOAP/WSDL · WebSocket · JWT
Product supports compliance with
GDPR
LGPD
PCI DSS v4.0
ISO 27001
BACEN 4893 & 4658
WASViking is working toward
SOC 2 Type I
ISO 27001 Certification
Visit Trust Center
Trusted by security teams at
Conexa Saude Zenklub Lina Saude
What sets WASViking® apart

Capabilities most scanners do not have

Exploit Path Graph

Visualize real attack paths across your applications and infrastructure.

Correlate vulnerabilities into real attacker paths instead of isolated findings.

Sentinel Internal Scanning

Secure internal validation without inbound VPN exposure.

Outbound-only agent over mTLS for private and internal environment scanning.

Software Supply Chain Intelligence

Continuously validate what ships inside your software.

SBOM, SCA, OSV and compliance-ready evidence for audit and governance workflows.

In-Platform OAST Validation

Out-of-band attack validation without external data exposure.

Keep testing workflows and validation data fully inside the WASViking platform.

Platform Capabilities

One platform for external and internal testing, software supply chain, and audit-ready evidence.

Continuous Exposure Management

Always know your live attack surface across web, API, and internal assets.

Modern API Security

Test REST, GraphQL, SOAP, WebSocket, and JWT flows the way attackers actually probe them.

Edge Threat Radar

Detect scanners, credential abuse, and hostile automation activity in real time.

CI/CD Security Automation

Prevent vulnerable builds from reaching production pipelines.

Actionable Findings & AI Prioritization

Risk-scored findings with operational workflows and deterministic remediation guidance.

Compliance Evidence On Demand

Map findings to PCI DSS, LGPD, GDPR, ISO 27001, and governance workflows ready for audit.

Key Features

The core capabilities of the WASViking platform.

Built for modern security teams that need visibility, automation, and clear answers about what to fix first.

SSL Certificate Monitoring
Compliance & Alerts

Automatic discovery and expiration alerts for all your SSL/TLS certificates.

Threat Intelligence Enrichment
AI-Driven

Real-time threat data integration for deeper risk analysis and smarter decisions.

Internal Asset Coverage
Sentinel Agent

Monitor internal assets securely. No open ports, no VPN. Zero-trust by design.

AI-Powered Recommendations
Actionable Insights

Automated risk classification and mitigation steps using machine learning and expert logic.

What buyers ask in evaluations

Mapped to alternative patterns, not specific products. Validate every row against your shortlist.

The buyer asks What other tools do What WASViking® does
Does it test modern APIs?REST only, GraphQL / SOAP / WebSocket as separate paid SKUsOne platform, all protocols, single license
Can it scan inside my network?VPN, jump host, or on-prem appliance with inbound portsOutbound-only mTLS tunnel via Sentinel agent
Can I see exploit chains, not just findings?Not at all in automated DASTExploit Path Graph with chokepoint analysis
Does it find blind-class vulnerabilities?Third-party collaborator you cannot operateProprietary OAST catcher, kept in-platform
Do you give me an SBOM?A flat CycloneDX dumpFour coordinated layers plus signed Evidence Bundle
Will the AI hallucinate findings?Often, because there is no engine underneathEngines detect, AI explains, deterministic override
Does it speak my auditor's language?Generic security reportPCI DSS, LGPD, GDPR, BACEN, ISO 27001 from one rule table
See the full comparison

Choose Your Plan

Flexible plans to meet your organization’s cybersecurity needs

Starter

$129 /month
  • Up to 5 targets
  • Continuous vulnerability scanning
  • SSL & certificate visibility
  • Software supply chain visibility
  • Basic API security scanning
  • Security alerts & reporting
  • Scheduled security scans
Most Popular

Pro

$299 /month
  • Everything in Starter, plus:
  • Exploit Path Graph
  • Sentinel internal scanning agent (no VPN)
  • Authenticated app & API security testing
  • Supply Chain Threat Intelligence
  • Edge Threat Radar
  • Enterprise access controls (SSO) & multi-user collaboration
  • CI/CD security automation & AI-driven scheduling
  • Slack, Teams & webhook integrations

Business

Custom
Tailored pricing for mid-market teams
  • Everything in Pro, plus:
  • Enterprise access controls (RBAC & granular permissions)
  • Compliance mapping (PCI DSS, LGPD, GDPR, ISO 27001, BACEN)
  • Signed compliance evidence for audits
  • Findings SLA workflow & security orchestration
  • Centralized exposure visibility
  • Jira & enterprise integrations
  • Dedicated customer success manager
  • Invoice & PO billing
Talk to Sales

Enterprise

Custom
Tailored pricing for large organizations
  • Everything in Business, plus:
  • Custom volume and unlimited scanning
  • Private and on-premises deployment
  • Custom compliance modules and premium SLAs
  • Guided onboarding and dedicated support team
Talk to Sales

* Free 14-day trial available on the Starter plan. No credit card required.

Compare WASViking® Plans

Compare Plans Starter Pro Business Enterprise
How you scan it
Targets 5 10 30 Custom*
Subdomain discovery 5
Scheduled scans Up to 2 active schedules Up to 5 active schedules Up to 20 active schedules Custom*
AI Recommendation Custom*
AI Assistant 100 / month 600 / month 5000 / month Custom*
SSL Scan (Certificate) 1 / month 5 / month 50 / month Custom*
Sentinel Agent 1 5 Custom*
Scan report retention 3 months 1 year 1 year Custom*
SSL report/history retention 3 months 1 year 1 year Custom*
How you see it
Dashboard
Scans overview page
Attack surface view
Scans Reporting
SSL Certificate Reporting
Edge Intelligence & Threat Detection (Real-Time Threat Visibility)
Edge Threat Radar
Edge Threat Radar Data Retention 15 days 30 days Custom*
Edge Threat Radar Targets (Edge Assets) 1 target 2 target Custom*
Integrations & Alerts
Email alerts
Slack alerts
MS Teams alerts
API Webhook
Payment
Frequency Monthly / Annual Monthly / Annual Monthly / Annual Custom*
Credit card payments
Payment by invoice Available
Support & Services
Knowledge center
Onboarding support Optimization
Dedicated Customer Success
Enterprise add-ons & services Available All included
Security
Email security code on login
Single sign-on (SSO)
Access logs
Administration
Admin account & user seats 1 admin, up to 3 users 2 admins, up to 10 users 5 admins, up to 50 users Custom*

Not available in this plan   |   Included   |   Contact us for Business and Enterprise pricing
*Displayed limits are standard allocations. Pro plans allow contractual adjustments to features and capacity. Business and Enterprise plans are fully customized and governed by the commercial agreement.

Pricing questions, answered

These plans scale with the number of targets, environments, and governance needs of each organization, so pricing is set per engagement. Talk to our team for a tailored quote and a guided evaluation.

Yes. The Starter plan includes a free trial with no credit card required, so you can run real scans against your own targets during the evaluation.

A target is a primary asset you scan, such as a website, domain, or application. Subdomains discovered under a target do not consume additional target slots.

Yes. The Sentinel agent, included from the Pro plan, opens an outbound-only connection over mTLS, so you can scan internal applications without a VPN or inbound firewall rules. Private and on-premises deployment options are available on the Enterprise plan.

Findings are mapped to frameworks including PCI DSS, LGPD, GDPR, ISO 27001, and BACEN. Out-of-band testing uses a proprietary OAST collaborator under WASViking control, which keeps interaction data inside the platform rather than a third-party service.

You can move between plans as your needs change. Card payments are available on all plans, and invoice or purchase-order billing is available from the Business plan.

Why WASViking®?

Continuous security for your digital assets, with clear actions you can take today.

AI Recommendations

Clear security insights with the context your team needs to act on them.

Continuous Scanning

Automated, real-time scanning for vulnerabilities, SSL, and misconfigurations.

Conversational AI

Ask questions about your environment in plain language and get direct, contextual answers.

Contact Us

We protect companies in the US and Brazil from web and API threats.
Talk to our team.

WASViking
6735 Conroy Rd, Orlando, FL 32835
[email protected]
Talk to Sales
Any questions? Email us or use the chat icon below to talk with our team.
Support, sales, or partnership inquiries: we read every message.