Choose the Plan That Works for You
Run real scans with a limited preview of detected vulnerabilities across your applications & APIs.
$0
Plan Highlights
- 1 scan credit per month
- Scan 1 target per account
- Limited vulnerability insights preview
- Covers web applications & APIs
- OWASP top 10 & CWE-based detection
- Same detection engine as paid plans
- Authenticated scanning supported
- No setup required — start instantly
(Target Based Unlimited Scan)
Best Value
Run unlimited security scans with complete visibility into vulnerabilities across your applications & APIs.
$100
Target = Target Application (URL, Web App, APIs)
Additional targets @ $75 each
Annually
20% Saving
Plan Highlights
- Target based unlimited scans
- Scheduled automated scans
- AI remediation & executive summaries
- Sensitive data & cloud misconfig insights
- 130K+ vulnerability coverage (OWASP, CWE/SANS, Nuclei)
- CVE Intelligence (updated monthly)
- Authenticated scans for complete coverage
- Business logic & access control testing (BOLA, IDOR)
- API pentesting (REST, GraphQL, SOAP, gRPC — incl. internal APIs)
- Region-based data storage & access control
- Continuous compliance coverage (GDPR, ISO27001, PCI-DSS, HIPAA)
- Audit-ready reports for security & compliance
- Unlimited retesting & verification
- Flexible target URL changes (30-day cooling)
- 99.9% accurate results — no manual validation needed
(Unlimited Targets)
Flexible, on-demand security testing with full vulnerability insights across applications & APIs.
$125
Credit Valid for 1 Year
How Volume Discount Works
Buy more scan credits, save more per scan:
- - 5% off from 10–20 credits
- - 10% off from 30–50 credits
- - 15% off from 75–100 credits
- - 20% off from 250+ credits
Discounts are applied
automatically as you increase
your credit purchase.
Each credit @ $25
Plan Highlights
- Unlimited targets
- AI remediation & executive summaries
- Sensitive data & cloud misconfig insights
- 7-day unlimited retest window
- Popular CVE-based attack coverages
- Authenticated scans for complete coverage
- Business logic security testing (BOLA, IDOR, Access Control)
- Pentest of APIs (REST, GraphQL, SOAP, gRPC — incl. internal APIs)
- Region-based data storage & access control
- Compliance view for GDPR, ISO27001, PCI-DSS, HIPAA & more
- Audit-ready compliance reports
- 99.9% accurate results – no manual validation needed
Compare Plans & Choose Your Security Approach
Included in Every Plan: ZeroThreat's Full Security Coverage
Vulnerability Type
- Application & Server Misconfiguration
- File Inclusion
- JavaScript Library & Dependency Security
- Sensitive Data Exposure
- Improper Input/Output Handling
- Insufficient Transport Layer Protection
- Improper File System Permissions
- Information Leakage
- Analysis of Anomalous Behavior
- Directory Indexing
- Content Spoofing
- Fingerprinting
- Routing Detour
- Predictable Resource Location
- Redirection Flaws
- Injection Attacks
Vulnerablities
- SQL Injection
- Cross-Site Scripting (XSS)
- SSL Injection & Certificate Scanning
- XML & XPath Injection
- XQuery Injection
- Format String Attack
- Null Byte Injection
- URL Redirector Abuse
- SSO: Misconfiguration
- Session Fixation
- Session Hijacking
- Weak SSL/TLS Configuration and Certificate Scanning
- Unvalidated Redirects
- Command Injection
Capabilities
- Model State Validation Scanning
- Effortless Scanning with Point-and-Click Simplicity
- Comprehensive Vulnerability Coverage
- Dynamic Threat Intelligence
- Automatic API Detection & Discovery
- Seamless CI/CD Integration
- AI-Driven Analysis, Detection & Remediation
- Zero False Positive with 98.9% Accuracy in Vulnerability Assessments
- Location-Based Data Storage & Scan
- VAPT Testing for Microservices, SPAs, and JavaScript-Heavy Apps
- Rapid Port & Configuration Scanning
- Compliance Reporting
- Unlimited Users & Scalability
- Cloud-Based Convenience with Customizable Region Selection
- Clear Change Tracking & Comprehensive Reporting
Frequently Asked Questions
Why should I choose ZeroThreat?
ZeroThreat is built for modern development. Unlike traditional tools, it works at dev speed, supports AI-generated code, and doesn’t slow teams down. You get fast, automated security testing without needing to be a security expert.
Do I need security knowledge to use ZeroThreat?
What makes ZeroThreat different?
What does ZeroThreat scan for?
Can ZeroThreat scan behind login?
Does it support compliance needs like HIPAA, PCI, ISO 27001?
How long does a scan take?
What is a target?
Can I combine free credits with a paid plan?
What payment methods do you accept?
Need a Plan That Fits Your Environment?
Talk to our team today to see how ZeroThreat fits into your environment and delivers proof-driven security at scale.