Modern DAST, Pentesting & API Security Plans
- AI-Powered Pentesting
- Business Logic Testing
- API Discovery & Coverage
- Zero False-Positive Noise
Get 5 free scan credits on sign-up — valid for 15 days. No card needed.
Try ZeroThreat with real scan access — explore its capabilities risk-free.
$0
- 1 free scan credit per month
- Scan 1 target per account, per month
- High-level scan overview included
- Covers web applications & APIs
- OWASP Top 10 & CWE-based coverage
- Threat detection with 40,000+ payloads
- Run authenticated scans
- No setup required
Most Popular
(Target Based Unlimited Scan)
For dev teams running frequent scans across staging, QA, and production.
$100
Additional targets @ $75 each
Annually
20% Saving
- Target based unlimited scans
- AI remediation & executive summaries
- Sensitive data & cloud misconfig insights
- Unlimited vulnerability scans with 40,000+ tests (OWASP, CWE/SANS)
- Run authenticated scans for full coverage
- Business Logic Security Testing (BOLA, IDOR, Access Control)
- Pentest of APIs (REST, GraphQL, SOAP, gRPC — incl. internal APIs)
- Region-based data storage & access control
- Continuous compliance visibility (GDPR, ISO27001, PCI-DSS, HIPAA)
- Ongoing audit-ready compliance reports
- Unlimited Vulnerability retest & verification
- CI/CD integration (GitLab, Jenkins, CircleCI)
- Project tool integration (Slack, Jira, Trello)
- Scheduled automated scans
- Flexible target URL changes (30-day cooling)
- 98.9% accurate results – no manual validation needed
(Unlimited Targets)
For developers or security teams needing flexible, on-demand scans.
$125
Credit Valid for 1 Year
How Volume Discount Works
Buy more scan credits, save more per scan:
- - 5% off from 10–20 credits
- - 10% off from 30–50 credits
- - 15% off from 75–100 credits
- - 20% off from 250+ credits
Discounts are applied
automatically as you increase
your credit purchase.
Each credit @ $25
- Unlimited targets
- AI remediation & executive summaries
- Sensitive data & cloud misconfig insights
- 7-day unlimited retest window
- Unlimited vulnerability scans with 40,000+ tests (OWASP, CWE/SANS)
- Run authenticated scans for full coverage
- Business Logic Security Testing (BOLA, IDOR, Access Control)
- Pentest of APIs (REST, GraphQL, SOAP, gRPC — incl. internal APIs)
- Region-based data storage & access control
- Compliance view for GDPR, ISO27001, PCI-DSS, HIPAA & more
- Audit-ready compliance reports
- 98.9% accurate results – no manual validation needed
Choose the Plan That Fits You Best
| Feature | Free | Professional | Pay Per Scan |
|---|---|---|---|
| Full vulnerability scanning |  | | |
| Web & API pentesting | | | |
| Authenticated scans | | | |
| AI remediation & executive summaries |  | | |
| Sensitive data, secrets & cloud misconfiguration insights | | | |
| Audit-ready compliance reports | | Ongoing | Point-in-time |
| Compliance visibility | | | |
| Retest & verification | | Unlimited | 7-day window |
| Scheduled scans | | | |
| CI/CD integration | | | |
| Project tool integrations | | | |
| Concurrent scans | | | |
| Best for | Exploring scans | Continuous security | One-time audits |
Built for Complex Infrastructures
Tailored solutions for diverse and secure environments.
For Partners
White-label ZeroThreat reports and offer powerful security scans to your clients.
Perfect for:
- Penetration testing companies
- Insurance providers
- MSSPs
- Security auditors
- Compliance platforms
For Enterprises
Need more flexibility or scale? Our enterprise plan is designed for you.
What you get:
- Pricing that fits multi-target environments
- Custom SLAs and compliance-ready contracts
- Flexible deployment options (cloud, hybrid)
- Role-based access control (RBAC) testing
- Dedicated account manager
Included in Every Plan: ZeroThreat's Full Security Coverage
Vulnerability Type
- Application & Server Misconfiguration
- File Inclusion
- JavaScript Library & Dependency Security
- Sensitive Data Exposure
- Improper Input/Output Handling
- Insufficient Transport Layer Protection
- Improper File System Permissions
- Information Leakage
- Analysis of Anomalous Behavior
- Directory Indexing
- Content Spoofing
- Fingerprinting
- Routing Detour
- Predictable Resource Location
- Redirection Flaws
- Injection Attacks
Vulnerablities
- SQL Injection
- Cross-Site Scripting (XSS)
- SSL Injection & Certificate Scanning
- XML & XPath Injection
- XQuery Injection
- Format String Attack
- Null Byte Injection
- URL Redirector Abuse
- SSO: Misconfiguration
- Session Fixation
- Session Hijacking
- Weak SSL/TLS Configuration and Certificate Scanning
- Unvalidated Redirects
- Command Injection
Capabilities
- Model State Validation Scanning
- Effortless Scanning with Point-and-Click Simplicity
- Comprehensive Vulnerability Coverage
- Dynamic Threat Intelligence
- Automatic API Detection & Discovery
- Seamless CI/CD Integration
- AI-Driven Analysis, Detection & Remediation
- Zero False Positive with 98.9% Accuracy in Vulnerability Assessments
- Location-Based Data Storage & Scan
- VAPT Testing for Microservices, SPAs, and JavaScript-Heavy Apps
- Rapid Port & Configuration Scanning
- Compliance Reporting
- Unlimited Users & Scalability
- Cloud-Based Convenience with Customizable Region Selection
- Clear Change Tracking & Comprehensive Reporting
Frequently Asked Questions
Why should I choose ZeroThreat?
ZeroThreat is built for modern development. Unlike traditional tools, it works at dev speed, supports AI-generated code, and doesn’t slow teams down. You get fast, automated security testing without needing to be a security expert.
Do I need security knowledge to use ZeroThreat?
What makes ZeroThreat different?
What does ZeroThreat scan for?
Can ZeroThreat scan behind login?
Does it support compliance needs like HIPAA, PCI, ISO 27001?
How long does a scan take?
What is a target?
Can I combine free credits with a paid plan?
What payment methods do you accept?
Find, Fix & Prevent Vulnerabilities – Fast.
ZeroThreat’s AI-powered DAST, Automated Pentesting, and API Security come together to give you full-stack coverage. No setup. No delays. Just real results.