
Vulnerability scanning is a process in which an automated program looks for vulnerabilities and security misconfigurations in your web application or network.

Usually, vulnerability scanners execute a predefined workflow to identify any exploitable vulnerability type.

Once a vulnerability scanner has found and verified a valid security flaw, it creates an alert and reports the finding accordingly.

This truly depends on how big and complex your web application or API is, and on your scan configuration.

You can scan your web application as many times as you want.

However, we do recommend that you scan your web application at least each time you push new code.

Throughout our years of experience as web app penetration testers and bug bounty hunters, we sometimes used third-party vulnerability scanners to automate some of our workflows, and it didn't work out well for us.

We had times when we found vulnerabilities that some vulnerability scanners just couldn't, even after we pointed out where to scan.

This never allowed us to put our trust in vulnerability scanners. And we found that this should change.

Today, Nova Security is capable of finding vulnerabilities in various contexts, vulnerabilities that otherwise would've been left undetected by other scanners.

That is one key element that sets us apart from our competitors. It's our unfair advantage.

Nova Security provides an API for you to use in your development cycle.

This will allow your team to fully automate the vulnerability scanning process.

Yes, we even encourage you to do so to uncover any hidden security flaws that could have devastating effects if left untouched.

No. We give you the option to set a rate limit so that scans do not put excessive load on your server.

As we are still in the early private beta phase, it is not yet possible for us to provide an accurate price for our services.

If you've signed up for our waitlist, you should receive more details and get notified once we launch.

If you have signed up as a security researcher or bug bounty hunter, then by default, when you enable monitoring for a project, we save the data to track changes and to notify you accordingly.
This is necessary because otherwise we would not be able to know what new assets have been added.
However, you always get the option to permanently delete any project data from our database.

If you registered as a business, we provide you with a pre-set timeframe to export your scan results.
After the timeframe has elapsed, we permanently delete any data on our databases to keep your online business safe.

In general, we do not collect any data as we run our own scans to provide you with our services.
If this happens to change in the future, we will anonymise any data and will always include the option to allow you to opt out at any time.
