OP Innovate List Price
Platform
WASP Platform
Credits
Each credit = $1,000vnvnbvnbvnmvbnvmnv
WASP Managed Attack Surface Management
OP Innovate ASM
Up to 250 scanned assets, annual basis, includes triaging and a dedicated customer success
15
Each credit = $1,000
WASP Vulnerability Disclosure Program
OP Innovate VDP
Up to 60 submissions per year, 1 credit per additional 10 submissions
10
WASP PTaaS Bundle - ASM, VDP and PT
Includes the ASM and VDP modules, plus a PT solution for a single web application (Basic Package)
40
Solutions
Application Security
Credits
Web Application Penetration Testing (Basic Package)
A single web application with up to 3 user types and 30 dynamic pages. Based on the OWASP Top10
20
Mobile Application Penetration Testing (Basic Package)
Based on iOS and Android
23
Web and Mobile Bundle
Bundle of Web and Mobile penetration testing
35
Advanced Testing Packages (Tailored per need
Corporate Security
Credits
Internal Network Infrastructure Penetration Test (Basic Package)
Up to 1K endpoints
30
Red Team Exercise
50
Advanced Packages are tailored per customer
Includes the service for 1 PT per year on the same app with retest etc (Basic Package)
Corporate Security
Credits
Crisis management
For the initial 70 response hours. Any additional response hour is set for $450 /h
30
Incident Response Retainer 24x7x8 - basic package
Up to 20 hours of onboarding and 20 hours of the initial response time
10
Incident Response Retainer 24x7x4 - advanced package
Up to 60 hours of onboarding and 85 hours of the initial response time
35
TOTAL:
| WASP Modules - PTaaS | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| Module | WASP CAASM - Cyber Asset Attack Surface Management | WASP External Attack Surface Management | WASP Vulnerability Disclosure Program | Cloud Security Posture Management (beta) | Mobile Application Scanning (beta) | WASP Automations | WASP Advanced CTI | WASP API Scanning | WASP Authenticated scans |
| Detailed description |
Comprehensive Asset Management Solutions Our asset management capabilities streamline the identification and oversight of your IT ecosystem, integrating seamlessly with DNS services, cloud providers, and other critical infrastructure. Detect Shadow IT and Strengthen Visibility Gain full visibility into your organization's digital landscape by uncovering unauthorized or unmanaged systems, services, and applications, commonly referred to as shadow IT. This proactive approach helps mitigate risks stemming from overlooked vulnerabilities and ensures better alignment with security policies. Risk-Based Vulnerability Management (RBVM) Our advanced RBVM links assets to business units or products, delivering actionable insights that align security with business priorities. Measuring and Prioritizing Asset Risk We evaluate asset risk using a multidimensional approach, factoring in security coverage, identified vulnerabilities, their severity, and asset prioritization. This ensures your organization can focus on what matters most, optimizing resources and strengthening your overall security posture. |
Introduction By integrating advanced scanning engines, we are redefining exposure management, enabling security professionals to efficiently test, discover, assess, and manage both internal and external exposures. Streamlined Security Through Integration Designed to streamline processes and enhance visibility, WASP integrates advanced scanning engines—a mix of off-the-shelf solutions and custom-developed technologies by our team—to uncover vulnerabilities, mitigate risks, and ensure comprehensive protection across your digital ecosystem. By leveraging these integrated engines, security teams gain actionable insights and control, enabling them to stay ahead of emerging threats and safeguard critical assets with confidence. EASM Scanning Engines WASP’s advanced External Attack Surface Management (EASM) scanning engines are at the core of its proactive security approach. These engines continuously monitor your external attack surface, delivering unparalleled observability into your organization’s and applications’ security posture. By automating the discovery and assessment of vulnerabilities, the EASM engines drastically reduce Mean Time to Detect (MTTD), identifying risks earlier in the development lifecycle by scanning staging environments. This proactive capability eliminates vulnerabilities before they reach production, reducing the risk of exploitation and shrinking the attack surface. The scanning engines identify risks from both known and unknown expansions of the digital attack surface, including the adoption of new technologies. They de-duplicate and contextualize findings, scoring vulnerabilities to prioritize the most critical issues. With WASP’s EASM engines, your security team can efficiently allocate resources and address threats with precision, enhancing overall resilience against potential attacks. |
WASP VDP: Harnessing the Power of Crowdsourcing The Vulnerability Disclosure Program (VDP) is your organization's invitation to a collaborative journey with independent researchers and the general public. By leveraging the collective expertise of the security community, VDP creates a dynamic flow that facilitates the discovery and reporting of security vulnerabilities in your applications. Building on best practices, WASP VDP aligns with industry standards for effective vulnerability management, ensuring clarity and confidence for researchers and organizations alike. Key features include structured workflows, real-time communication, and comprehensive reporting mechanisms that drive actionable outcomes. This open-door policy transforms potential threats into opportunities for fortification, enabling your organization to proactively identify and address vulnerabilities before they can be exploited. By embracing crowdsourced intelligence, WASP VDP empowers your security posture with: Global Expertise: Access insights from a diverse pool of independent researchers. Proactive Defense: Identify vulnerabilities early, reducing risk exposure. Transparent Reporting: Encourage responsible disclosure and build trust with stakeholders. Structured Process: Ensure consistent handling of vulnerability reports with clear guidelines. Actionable Insights: Receive detailed reports to prioritize and remediate vulnerabilities effectively. Recognition and Incentives: Motivate researchers through recognition programs or other rewards. WASP VDP turns external input into a valuable resource, fortifying your defenses and fostering a collaborative security culture while maintaining alignment with industry-leading practices. |
WASP’s Cloud Security Posture Management (CSPM) capabilities deliver unparalleled oversight and control over your cloud environments. By continuously monitoring for misconfigurations, vulnerabilities, and policy violations, WASP ensures that your cloud infrastructure aligns with industry standards and security best practices. Key features of WASP CSPM include: - Continuous Monitoring: 24/7 scanning for misconfigurations and potential security gaps. - Compliance Mapping: Ensures adherence to industry regulations such as GDPR, HIPAA, and CIS benchmarks. - Risk Prioritization: Contextual scoring of vulnerabilities to focus on the most critical issues. - Multi-Cloud Support: Comprehensive coverage for hybrid and multi-cloud environments. Automated Remediation: Offers actionable fixes and streamlined workflows to address issues quickly. |
Mobile Security Scanning WASP’s Mobile Security Scanning capabilities provide robust analysis and risk identification for mobile applications (Android and iOS), ensuring comprehensive protection across mobile platforms. WASP detects vulnerabilities, insecure configurations, and compliance gaps within mobile applications during both development and deployment stages. Key features include: Static and Dynamic Analysis: Uncover potential risks in both the codebase and runtime behaviors of mobile applications. Application Hardening Checks: Evaluate and enhance mobile app security to mitigate tampering and reverse engineering risks. Compliance and Best Practices: Ensure adherence to industry standards such as OWASP Mobile Security Guidelines. Integration with Development Pipelines: Seamlessly integrate scanning capabilities into CI/CD workflows to identify issues early in the development lifecycle. Actionable Remediation Insights: Provide clear, context-aware recommendations to address vulnerabilities efficiently. |
WASP's integration with Workato empowers users to automate workflows efficiently and creatively, transforming how they manage processes and integrations. Key highlights include: Automated Asset Classification: Automatically triage and classify new assets based on predefined rules, reducing manual workload. Enhanced Scanning Processes: Trigger automated scans for staging environments, ensuring readiness before production. Custom Automation Flexibility: Leverage Workato's pre-built recipes to craft tailored workflows suited to specific operational needs. Streamlined Operations: Enable seamless communication between systems, fostering scalability and efficiency. This integration enables organizations to focus on strategic tasks while automation handles repetitive processes. |
Provides advanced Cyber Threat Intelligence to help organizations understand and mitigate cyber threats. Description WASP Advanced Cyber Threat Intelligence (CTI) offers in-depth analysis of the threat landscape, enabling proactive defense strategies. Our CTI service helps organizations identify potential attackers, understand their motives, and anticipate future threats. Key features include: - Threat actor profiling - Indicator of Compromise (IOC) feeds - Vulnerability intelligence - Strategic threat reporting | Identify and mitigate API vulnerabilities with WASP API Scanning. In-depth analysis for common flaws, with actionable remediation insights. Description Secure Your APIs: Identify and mitigate vulnerabilities in your APIs with WASP's dedicated API Scanning service. Comprehensive Analysis: Our scanning engine performs in-depth analysis to detect common API security flaws, including those outlined in OWASP API Security Top 10. Actionable Insights: Receive clear reports on found vulnerabilities, their potential impact, and guidance for remediation to strengthen your API security posture. | Gain deeper security insights with Authenticated Scans. Test applications from a logged-in user perspective to uncover hidden vulnerabilities. Description Deeper Security Insights: WASP Authenticated Scans provide a more comprehensive assessment of your applications by testing them from an authenticated user's perspective. Uncover Hidden Vulnerabilities: By logging in, our scanners can access areas unavailable to unauthenticated scans, revealing vulnerabilities that might otherwise be missed. Enhanced Coverage: Ensure thorough testing of user-specific functionalities and data access controls to fortify your application against sophisticated attacks. |
| SKU | WASP-CAASM | WASP-EASM | WASP-VDP | WASP-CSPM-Beta | WASP-MobSF-Beta | WASP-Workato | WASP-CTI | ||
| Packages | # of assets per package |
Customers price list per asset per month |
Customer annual price list |
|---|---|---|---|
| Up to 250 | 250.00 | $10.00 | $30,000.00 |
| Up to 500 | 500.00 | $9.00 | $54,000.00 |
| Up to 1000 | 1,000.00 | $8.50 | $102,000.00 |