SOOS SAST is a cloud-based Dynamic Application Security Testing (DAST) platform designed to identify vulnerabilities in running web applications and APIs. The solution leverages the power of OWASP ZAP to continuously test applications for exploitable paths, such as SQL injection and cross-site scripting, during runtime. SOOS SAST integrates directly into build pipelines, enabling security testing as part of the development workflow (DevSecOps). The platform supports unlimited domains and concurrent scans, consolidates DAST and Software Composition Analysis (SCA) results in a single dashboard, and provides scan history and actionable issue tracking. It is engineered for accessibility, offering flat-rate pricing with unlimited seats and scans, making advanced security testing available to organizations of all sizes.

Key Features

Automated Runtime Vulnerability Scanning Continuously tests running web applications and APIs for security flaws.

• Detects vulnerabilities such as SQL injection, XSS, and more.
• Uses OWASP ZAP for exploit path detection.

CI/CD Pipeline Integration Seamlessly integrates with build and deployment workflows.

• Enables shift-left security practices.
• Automates security testing during development and deployment.

Unified Security Dashboard Consolidates DAST and SCA results for comprehensive reporting.

• Provides scan history and actionable issue tracking.
• Pushes issues to GitHub’s Security dashboard.

Unlimited Scans and Seats Flat-rate pricing with no limits on domains, scans, or users.

• Supports large-scale and frequent testing.

API Security Testing Scans APIs including OpenAPI, GraphQL, and SOAP endpoints.

• Identifies vulnerabilities in API specifications and implementations.

Benefits

Comprehensive Vulnerability Detection Identifies runtime vulnerabilities in web applications and APIs.

• Reduces risk of exploitation in production environments.
• Enables proactive remediation before deployment.

Scalable and Accessible Security Testing Flat-rate pricing and unlimited usage.

• Suitable for organizations of any size.
• Removes barriers to adopting robust security practices.

Streamlined DevSecOps Integration Automates security testing in CI/CD pipelines.

• Facilitates continuous security monitoring and compliance.
• Centralizes issue management and reporting.