Clear, transparent pricing trusted by 700+ businesses

Offensive DAST vulnerability scanner that scans behind login for 10,000+ test cases like OWASP Top 10, ports, CVEs & more

Scanner Lite

$69/m

1 Target


  • 3 monthly vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
  • Run authenticated scans for full coverage  
  • 1 Integration (CI/CD, Slack, Jira etc.)
  • AI-powered conversational vulnerability fixing assistance
Scanner

$199/m

1 Target


Everything in Scanner Lite
  • Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
  • Run authenticated scans for full coverage  
  • Dedicated API Vulnerability Scanning for up to 50 API endpoints
  • Unlimited integrations
  • AI-powered conversational vulnerability fixing assistance
  • Four expert Vetted Scans to ensure zero false positives
  • Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
Scanner Agency

$499/m

5 Target Pool

Everything in Scanner Lite
  • Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
  • Run authenticated scans for full coverage  
  • Dedicated API Vulnerability Scanning for up to 50 API endpoints
  • AI-powered conversational vulnerability fixing assistance
  • Flexibly change URLs from 5 target pool (30 day cooling period)
  • Four expert Vetted Scans to ensure zero false positives
  • Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
  • Account Manager
Scanner Lite

$1200/yr

1 Target


  • 3 monthly vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
  • Run authenticated scans for full coverage  
  • 1 Integration (CI/CD, Slack, Jira etc.)
  • AI-powered conversational vulnerability fixing assistance
Scanner

$199/yr

1 Target


Everything in Scanner Lite
  • Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
  • Run authenticated scans for full coverage  
  • Dedicated API Vulnerability Scanning for up to 50 API endpoints
  • Unlimited integrations
  • AI-powered conversational vulnerability fixing assistance
  • Four expert Vetted Scans to ensure zero false positives
  • Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
Scanner Agency

$4999/yr

5 Target Pool

Everything in Scanner Lite
  • Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
  • Run authenticated scans for full coverage  
  • Dedicated API Vulnerability Scanning for up to 50 API endpoints
  • AI-powered conversational vulnerability fixing assistance
  • Flexibly change URLs from 5 target pool (30 day cooling period)
  • Four expert Vetted Scans to ensure zero false positives
  • Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
  • Account Manager
Compare plans & FIND the right one for you
DAST Scanner
Scanner Lite
Scanner
Scanner Agency
Number of Scans
3 monthly vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
Authenticated Scans
Run authenticated scans for full coverage  
Run authenticated scans for full coverage  
Run authenticated scans for full coverage
API Security Platform
Dedicated API Vulnerability Scanning for up to 50 API endpoints
Dedicated API Vulnerability Scanning for up to 50 API endpoints
Integrations
1 Integration (CI/CD, Slack, Jira etc.)
Unlimited integrations
Unlimited integrations
Pool of targets
Flexibly change URLs from 5 target pool (30 day cooling period)
Vetted Scans
Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
Four expert Vetted Scans to ensure zero false positives
Compliance view
Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
Compliance view for SOC2, ISO27001, PCI-DSS, HIPAA etc.
Account Manager

Hacker-style pentest by certified pentesters, now made agile & dev-friendly with the PTaaS platform. Meet & exceed SOC2, ISO, HIPAA needs

EXPERT

$1,999/yr

$166/mo effectively

Unlimited vulnerability scans with 3000+ tests (OWASP, SANS etc.)

Unlimited integrations with CI/CD tools, Slack, Jira & more

Four expert vetted scan results to ensure zero false positives when billed yearly

Vetted Reports ensure that every vulnerability reported by the automated vulnerability scanner is carefully reviewed by our security experts to ensure there are no false positives.

Compliance reporting for SOC2, ISO27001, PCI-DSS, HIPAA etc.

Check where your application stands with respect to the various security compliances specific to your industry. See exactly which vulnerability reported by the vulnerability scanner could cause a compliance leakage.

P.S. This is a compliance view for vulnerabilities reported by our automated scanner (& pentest too if your plan includes that) and shouldn’t be confused with the Pentest/VAPT required as a part of various compliances. If trying to achieve compliance, then you should look at our Pentest Plan which includes a Pentest report required by various auditors.

Everything in the Scanner plan

Web Pentest

$5999/yr

1 Target

$199/mo

1 Target
A target is a URL that will be tested by our vulnerability scanner. It can be the URL of a web application, website, API etc.

If your website makes API calls to different domains, you can add them as an extra host without having to purchase another domain.

Let's say you have a customer dashboard at https://app.example.com/ and an admin dashboard at https://admin.example.com/ with different login pages, then you will need 2 targets.

Ideal for SaaS apps or web based targets
  • Pentest (VAPT) by security experts in OWASP, SANS, PTES etc. standards
  • Cloud configuration review (AWS/GCP/Azure)
  • Pentest of APIs consumed within Target
  • 2 Re-scans to verify fixes
  • Pentest report for SOC2, ISO27001, HIPAA etc. compliances
  • Publicly verifiable pentest certificate
  • Unlimited DAST vulnerability scans with 10,000+ tests (DAST 'scanner' plan)
  • Automated API Vulnerability Scanner for 100 API endpoints
  • Named account manager
  • Shared Slack channel
Pentest Plus

$9999/yr

2 Targets

Ideal for web app & one more target (mobile app, APIs, cloud etc.)
  • Pentest (VAPT) by security experts in OWASP, SANS, PTES etc. standards
  • Cloud configuration review (AWS/GCP/Azure)
  • Pentest of APIs consumed within Target
  • 2 Re-scans to verify fixes
  • Pentest report for SOC2, ISO27001, HIPAA etc. compliances
  • Publicly verifiable pentest certificate
  • Unlimited DAST vulnerability scans with 10,000+ tests (DAST 'scanner' plan)
  • Named account manager
  • Shared Slack channel
  • Custom SLA & payment options
Enterprise

Contact us for Custom Plan

Best for enterprises with diverse infrastructure
  • Pentest (VAPT) by security experts in OWASP, SANS, PTES etc. standards
  • Cloud configuration review (AWS/GCP/Azure)
  • Pentest of APIs consumed within Target
  • Pentest report for SOC2, ISO27001, HIPAA etc. compliances
  • Publicly verifiable pentest certificate
  • Unlimited DAST vulnerability scans with 10,000+ tests (DAST 'scanner' plan)
  • Automated API Vulnerability Scanner for 100 API endpoints
  • Named account manager
  • Shared Slack channel
  • Custom SLA & payment options
Scanner

$999/yr

$75/mo effectively
1 Target

Weekly vulnerability scans with 3000+ tests (OWASP, SANS etc.)

Essential features like pentest dashboard, PDF reports and scan behind login

Compare plans & find the right one for you
PTaaS
Web Pentest
Pentest Plus
Scanner Agency
Manual Pentest by Security Experts in OWASP, SANS, PTES etc. standards
Cloud Configuration Review (AWS/GCP/Azure etc.)
Scan APIs Consumed within Target
Re-scans
2 Re-scans to verify fixes
2 Re-scans to verify fixes
2 Re-scans to verify fixes
Pentest Report for SOC2, ISO, HIPAA etc
Publicly Verifiable Pentest Certificate
DAST Scanner with 10,000+ Test Cases
API Security Platform
Named Account Manager
Shared Slack Channel
Custom SLA & payment options
Custom SLA & payment options
Custom SLA & payment options

Continuously discover & scan every API in your infrastructure for broken access control, authorization flaws, OWASP Top 10 & more

Startup

$199/m

$199/mo

1 Target
  • Scan 100 API Endpoints/m
  • API Observability
  • API DAST Scanning (X Test Cases)
  • Authenticated API Scanning
  • 1 Integration (Jira/Slack/CI/CD)
  • OWASP Top 10 Coverage
  • 3 Users
  • Account Manager
Pro

$399/m

  • Scan up to 200 API Endpoints
  • API Observability
  • API DAST Scanning (X Test Cases)
  • Authenticated API Scanning
  • API Inventory
  • Unlimited integrations (CI/CD, Jira, Slack)
  • OWASP Top 10 Coverage
  • 10 Users
Enterprise

Contact us

  • Scan for 300+ API Endpoints/month
  • API Observability
  • API DAST Scanning (X Test Cases)
  • Authenticated API Scanning
  • API Inventory
  • Unlimited integrations (CI/CD, Jira, Slack)
  • 15 Users
  • Named Account Manager
Startup

$399/yr

$199/mo

1 Target
  • Scan 100 API Endpoints/m
  • API Observability
  • API DAST Scanning (X Test Cases)
  • Authenticated API Scanning
  • 1 Integration (Jira/Slack/CI/CD)
  • OWASP Top 10 Coverage
  • 3 Users
  • Account Manager
Pro

$3999/yr

  • Scan up to 200 API Endpoints
  • API Observability
  • API DAST Scanning (X Test Cases)
  • Authenticated API Scanning
  • API Inventory
  • Unlimited integrations (CI/CD, Jira, Slack)
  • OWASP Top 10 Coverage
  • 10 Users
Enterprise

Contact us

  • Scan for 300+ API Endpoints/month
  • API Observability
  • API DAST Scanning (X Test Cases)
  • Authenticated API Scanning
  • API Inventory
  • Unlimited integrations (CI/CD, Jira, Slack)
  • 15 Users
  • Named Account Manager
Compare plans & FIND the right one for you
DAST Scanner
Startup
Pro
Enterprise
Endpoints
Scan 100 API Endpoints/m
Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
Unlimited vulnerability scans with 10,000+ tests (OWASP, SANS, CVEs)
API Observability
API DAST Scanning (X Test Cases)
Authenticated Scanning
API Inventory
Integrations (CI/CD, Jira, Slack)
1 Integration (Jira/Slack/CI/CD)
Unlimited integrations (CI/CD, Jira, Slack)
Unlimited integrations (CI/CD, Jira, Slack)
OWASP Top 10 Coverage
Users
3 Users
15 Users
25+ Users
Account Manager

We've got tailored options for those who deal with a diverse infrastructure

For Partners

Think your customers would love Astra too? Let's join forces.

Perfect for
  • Compliance platforms
  • Insurance providers
  • MSSPs
  • Auditors
For Enterprises

Need something more tailored? Our enterprise plan has got you covered.

What you get
  • Pricing that fits your multi-target needs
  • Custom SLAs and contracts
  • Flexible deployment options
  • Named account manager

"Astra identified several moderate and high severity issues that our team never thought existed. We are working in the Mental Health space and data privacy and security are extremely critical to us. That being said, I am thankful for their service."


Trusted by 700+
Engineering Teams

What exactly is PTaaS?
Think of it as bringing security engineers and dev teams together for continuous, agile pentests. It's pentesting that keeps up with your pace.
How's this different from traditional pentesting?
Think of it as bringing security engineers and dev teams together for continuous, agile pentests. It's pentesting that keeps up with your pace.
Sounds great, but what's the damage to my wallet?
Think of it as bringing security engineers and dev teams together for continuous, agile pentests. It's pentesting that keeps up with your pace.

Find & fix every vulnerability with Astra

Astra's continuous pentest platform: PTaaS for expert-led pentesting, DAST Scanner for continuous vulnerability detection & API Security Platform for API observability & vulnerability scanning - all working together to secure your applications.

2 Million+
Vulnerabilities Uncovered
3,000+
Pentests Completed
4.6/5
on G2