From 2cb9e8c28e06cb5e477facb30f18733e0f55b1c7 Mon Sep 17 00:00:00 2001 From: "vijay.vaghela" Date: Wed, 20 May 2026 18:36:39 +0530 Subject: [PATCH 1/2] feat(ui): update FAQ content --- public/assets/getting-started.faq.json | 11 ++++------- public/assets/plans.faq.json | 8 ++++---- public/assets/pricing.faq.json | 4 ++-- public/assets/product.faq.json | 2 +- public/assets/scan.faq.json | 4 ++-- public/prod/getting-started.faq.json | 11 ++++------- public/prod/plans.faq.json | 8 ++++---- public/prod/pricing.faq.json | 4 ++-- public/prod/product.faq.json | 2 +- public/prod/scan.faq.json | 4 ++-- public/stage/getting-started.faq.json | 6 +++--- public/stage/plans.faq.json | 8 ++++---- public/stage/pricing.faq.json | 4 ++-- public/stage/product.faq.json | 2 +- public/stage/scan.faq.json | 4 ++-- 15 files changed, 38 insertions(+), 44 deletions(-) diff --git a/public/assets/getting-started.faq.json b/public/assets/getting-started.faq.json index 7cb0fae..71c2685 100644 --- a/public/assets/getting-started.faq.json +++ b/public/assets/getting-started.faq.json @@ -9,7 +9,7 @@ }, { "q":"What are the system requirements to use ZeroThreat? ", - "a":"ZeroThreat is a cloud-based Dynamic Application Security Testing (DAST) platform designed for ease of use and broad accessibility. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. " + "a":"ZeroThreat is a cloud-based penetration testing platform that requires only a modern web browser and internet connection. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. " }, { "q":"Does ZeroThreat require installation or is it cloud-based? ", @@ -35,7 +35,6 @@ "q":"What authentication methods does ZeroThreat support? ", "a":"ZeroThreat supports a wide range of authentication mechanisms through its Chrome Extension, making it easy to scan even complex authenticated areas. You don\u2019t need to manually configure tokens or headers\u2014just use the extension to record a login sequence or use active user session. It handles form-based logins, CAPTCHA challenges, multi-factor authentication (2FA\/MFA), OTPs, and other interactive login flows by capturing real browser behavior. This approach ensures that ZeroThreat can access and scan secure sections of your application without requiring static credential input. " }, - { "q":"How does ZeroThreat ensure my data is secure? ", "a":"ZeroThreat ensures data security through: \n\n- End-to-End Encryption: SSL\/TLS for secure data transmission. \n- Zero Trust Architecture: Every access request is verified. \n- Compliance: Adheres to GDPR and data privacy regulations. \n- Data Scan & Storage Location: Choose where your data is scanned and stored in real-time. " @@ -62,7 +61,7 @@ }, { "q":"Why do I need continuous web application security testing if I already perform manual penetration tests? ", - "a":"Manual penetration tests are valuable, but they\u2019re typically periodic and may miss vulnerabilities introduced between test cycles. Continuous web application security testing with tools like ZeroThreat helps you catch threats in real-time as code changes are made. It ensures consistent monitoring, rapid detection, and quick remediation\u2014closing the gaps that manual testing alone can't cover. This proactive approach significantly reduces your risk of breaches, especially in agile or DevOps environments where application updates are frequent. " + "a":"Manual penetration tests provide point-in-time assessments, but modern applications change constantly through deployments, APIs, and third-party integrations. Continuous security testing helps identify newly introduced vulnerabilities, exposed attack paths, and emerging CVEs in real time, reducing the window between vulnerability introduction and detection while continuously validating exploitability and business impact. " }, { "q":"What all can I security test using ZeroThreat? ", @@ -70,7 +69,7 @@ }, { "q":"Is it safe to scan production environments with ZeroThreat?", - "a":"While ZeroThreat is designed with security in mind, we strongly running scans only in non-production environments. ZeroThreat performs active testing, which may generate high request volumes, modify data, or trigger alerts\u2014potentially impacting live systems. For safer and more controlled results, always scan in a staging or testing environment that closely mirrors production." + "a":"Yes. ZeroThreat is designed for production-safe security testing with safeguards to minimize service disruption. The platform uses controlled execution, intelligent rate handling, and exploit validation techniques to safely identify real vulnerabilities in live web applications and APIs without relying on destructive testing methods. " }, { "q":"How long will it take for a security test to complete? ", @@ -88,6 +87,4 @@ "q":"How to Scan in ZeroThreat if I have WAF setup?", "a":"If your WAF is blocking ZeroThreat requests, ensure it allows traffic whose User-Agent includes the ZeroThreat AI Bot signature. Look for `ZeroThreatAIBot` in the header (versions may vary), for example:`Mozilla/5.0 (Windows NT 10.0; Win64; x64; compatible; +https://zerothreat.ai/sos) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 ZeroThreatAIBot 0.0.65.` Enabling this signature ensures the scanner can access your target without interference from the WAF." } -] - - +] \ No newline at end of file diff --git a/public/assets/plans.faq.json b/public/assets/plans.faq.json index fd05d84..10a9d5e 100644 --- a/public/assets/plans.faq.json +++ b/public/assets/plans.faq.json @@ -1,7 +1,7 @@ [ { - "q": "Is there a difference in features between Pay Per Scan and Professional plans?", - "a": "The Professional plan includes advanced features like CI/CD tools integration, Issue Tracking Integration, Schedule Scanning and Notification Tools integration, which are not available in the Pay Per Scan plan. However, all core scanning capabilities are consistently available across all plans." + "q": "Is there a difference in features between Professional Pay Per Scan and Professional plans?", + "a": "Yes. Both plans provide access to ZeroThreat’s core security testing capabilities, including web application and API scanning, vulnerability validation, and detailed reporting. The main difference is usage and scalability. Professional Pay Per Scan is designed for on-demand testing, while the Professional plan includes recurring scans, continuous testing workflows, and higher operational scale for ongoing security programs." }, { "q": "Can I scan multiple targets with the Pay Per Credit plan?", @@ -12,8 +12,8 @@ "a": "With the Target-based (Professional) plan, you get a 30-day cooling period that allows you to flexibly change your target as needed." }, { - "q": "Can I have multiple plans (Pay Per Credit + Professional) under one account?", - "a": "Yes, you can have both Pay Per Credit and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning you can simply purchase a credit for that target while maintaining your Professional plan for others." + "q": "Can I have multiple plans (Professional Pay Per Scan + Professional) under one account?", + "a": "Yes, you can have both Professional Pay Per Scan and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning—you can simply purchase a credit for that target while maintaining your Professional plan for others." }, { "q": "How to get free Credits on ZeroThreat Platform?", diff --git a/public/assets/pricing.faq.json b/public/assets/pricing.faq.json index 73ec53e..5fbbb8c 100644 --- a/public/assets/pricing.faq.json +++ b/public/assets/pricing.faq.json @@ -12,8 +12,8 @@ "a": "Yes, you can run unlimited scans on any active target throughout your subscription period—no limits or extra charges." }, { - "q": "How does ZeroThreat pricing compare to traditional DAST tools?", - "a": "ZeroThreat offers more cost-effective pricing compared to traditional DAST tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources." + "q": "How does ZeroThreat pricing compare to traditional pentesting tools?", + "a": "ZeroThreat offers more cost-effective pricing compared to traditional pentesting tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources." }, { "q": "How do bulk purchases of credits or targets impact pricing?", diff --git a/public/assets/product.faq.json b/public/assets/product.faq.json index b03d5b2..91a6704 100644 --- a/public/assets/product.faq.json +++ b/public/assets/product.faq.json @@ -29,7 +29,7 @@ }, { "q": "Is Continuous Integration (CI/CD) available in the Free and Pay Per Scan plans?", - "a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Professional and Enterprise plans, which are designed to support automated security testing within your development pipelines." + "a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Enterprise Cloud and Enterprise On-Prem plans, which are designed to support automated security testing within your development pipelines." }, { "q": "Are there additional charges for integrations (CI/CD, ticketing, etc.)?", diff --git a/public/assets/scan.faq.json b/public/assets/scan.faq.json index 17e0f3c..7b0334d 100644 --- a/public/assets/scan.faq.json +++ b/public/assets/scan.faq.json @@ -1,7 +1,7 @@ [ { "q":"What happens during a scan? ", - "a":"During a scan, ZeroThreat systematically analyzes your web application or API to detect security vulnerabilities. Our intelligent crawler crawls the target, identifies all accessible endpoints and inputs, and simulates real-world attack techniques to uncover issues like SQL injection, XSS, and authentication flaws. " + "a":"During a scan, ZeroThreat maps the application attack surface, tests web applications and APIs for exploitable vulnerabilities, validates findings with proof-of-impact, and removes false positives using AI-driven verification. Depending on the scan mode, it can also execute authenticated workflows, CVE checks, custom templates, and business logic testing across multi-step attacker paths." }, { "q":"How long will a target scan take? ", @@ -29,7 +29,7 @@ }, { "q":"How often are vulnerabilities added or updated in ZeroThreat? ", - "a":"We consistently update our vulnerability database and scanning engine to efficiently detect threats based on the latest trends and reported CVEs. For example, recent data from CVE Details shows that the most reported vulnerabilities include XSS, SQL Injection, Memory Corruption, Code Execution, and Privilege Escalation. ZeroThreat adapts to these trends to ensure your applications are protected against the most common and critical security risks. " + "a":"ZeroThreat continuously updates its vulnerability intelligence and detection coverage. Newly disclosed CVEs are rapidly mapped into executable checks, often within hours of publication. The platform also updates detection logic for emerging threats, zero-day patterns, and community or custom templates through ongoing intelligence and OTA update mechanisms." }, { "q":"What do the severity levels in ZeroThreat\u2019s findings mean? ", diff --git a/public/prod/getting-started.faq.json b/public/prod/getting-started.faq.json index ab132d0..37ad877 100644 --- a/public/prod/getting-started.faq.json +++ b/public/prod/getting-started.faq.json @@ -9,7 +9,7 @@ }, { "q":"What are the system requirements to use ZeroThreat? ", - "a":"ZeroThreat is a cloud-based Dynamic Application Security Testing (DAST) platform designed for ease of use and broad accessibility. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. " + "a":"ZeroThreat is a cloud-based penetration testing platform that requires only a modern web browser and internet connection. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. " }, { "q":"Does ZeroThreat require installation or is it cloud-based? ", @@ -35,7 +35,6 @@ "q":"What authentication methods does ZeroThreat support? ", "a":"ZeroThreat supports a wide range of authentication mechanisms through its Chrome Extension, making it easy to scan even complex authenticated areas. You don\u2019t need to manually configure tokens or headers\u2014just use the extension to record a login sequence or use active user session. It handles form-based logins, CAPTCHA challenges, multi-factor authentication (2FA\/MFA), OTPs, and other interactive login flows by capturing real browser behavior. This approach ensures that ZeroThreat can access and scan secure sections of your application without requiring static credential input. " }, - { "q":"How does ZeroThreat ensure my data is secure? ", "a":"ZeroThreat ensures data security through: \n\n- End-to-End Encryption: SSL\/TLS for secure data transmission. \n- Zero Trust Architecture: Every access request is verified. \n- Compliance: Adheres to GDPR and data privacy regulations. \n- Data Scan & Storage Location: Choose where your data is scanned and stored in real-time. " @@ -54,11 +53,11 @@ }, { "q":"Why do I need continuous web application security testing if I already perform manual penetration tests? ", - "a":"Manual penetration tests are valuable, but they\u2019re typically periodic and may miss vulnerabilities introduced between test cycles. Continuous web application security testing with tools like ZeroThreat helps you catch threats in real-time as code changes are made. It ensures consistent monitoring, rapid detection, and quick remediation\u2014closing the gaps that manual testing alone can't cover. This proactive approach significantly reduces your risk of breaches, especially in agile or DevOps environments where application updates are frequent. " + "a":"Manual penetration tests provide point-in-time assessments, but modern applications change constantly through deployments, APIs, and third-party integrations. Continuous security testing helps identify newly introduced vulnerabilities, exposed attack paths, and emerging CVEs in real time, reducing the window between vulnerability introduction and detection while continuously validating exploitability and business impact. " }, { "q":"Is it safe to scan production environments with ZeroThreat?", - "a":"While ZeroThreat is designed with security in mind, we strongly running scans only in non-production environments. ZeroThreat performs active testing, which may generate high request volumes, modify data, or trigger alerts\u2014potentially impacting live systems. For safer and more controlled results, always scan in a staging or testing environment that closely mirrors production." + "a":"Yes. ZeroThreat is designed for production-safe security testing with safeguards to minimize service disruption. The platform uses controlled execution, intelligent rate handling, and exploit validation techniques to safely identify real vulnerabilities in live web applications and APIs without relying on destructive testing methods. " }, { "q":"How long will it take for a security test to complete? ", @@ -76,6 +75,4 @@ "q":"How to Scan in ZeroThreat if I have WAF setup?", "a":"If your WAF is blocking ZeroThreat requests, ensure it allows traffic whose User-Agent includes the ZeroThreat AI Bot signature. Look for `ZeroThreatAIBot` in the header (versions may vary), for example:`Mozilla/5.0 (Windows NT 10.0; Win64; x64; compatible; +https://zerothreat.ai/sos) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 ZeroThreatAIBot 0.0.65.` Enabling this signature ensures the scanner can access your target without interference from the WAF." } -] - - +] \ No newline at end of file diff --git a/public/prod/plans.faq.json b/public/prod/plans.faq.json index b50b61f..e10ffad 100644 --- a/public/prod/plans.faq.json +++ b/public/prod/plans.faq.json @@ -1,7 +1,7 @@ [ { - "q": "Is there a difference in features between Pay Per Scan and Professional plans?", - "a": "The Professional plan includes advanced features like CI/CD tools integration, Issue Tracking Integration, Schedule Scanning and Notification Tools integration, which are not available in the Pay Per Scan plan. However, all core scanning capabilities are consistently available across all plans." + "q": "Is there a difference in features between Professional Pay Per Scan and Professional plans?", + "a": "Yes. Both plans provide access to ZeroThreat’s core security testing capabilities, including web application and API scanning, vulnerability validation, and detailed reporting. The main difference is usage and scalability. Professional Pay Per Scan is designed for on-demand testing, while the Professional plan includes recurring scans, continuous testing workflows, and higher operational scale for ongoing security programs." }, { "q": "Can I scan multiple targets with the Pay Per Credit plan?", @@ -12,8 +12,8 @@ "a": "With the Target-based (Professional) plan, you get a 30-day cooling period that allows you to flexibly change your target as needed." }, { - "q": "Can I have multiple plans (Pay Per Credit + Professional) under one account?", - "a": "Yes, you can have both Pay Per Credit and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning—you can simply purchase a credit for that target while maintaining your Professional plan for others." + "q": "Can I have multiple plans (Professional Pay Per Scan + Professional) under one account? ", + "a": "Yes, you can have both Professional Pay Per Scan and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning—you can simply purchase a credit for that target while maintaining your Professional plan for others." }, { "q": "How to get free Credits on ZeroThreat Platform?", diff --git a/public/prod/pricing.faq.json b/public/prod/pricing.faq.json index 73ec53e..bee57d9 100644 --- a/public/prod/pricing.faq.json +++ b/public/prod/pricing.faq.json @@ -12,8 +12,8 @@ "a": "Yes, you can run unlimited scans on any active target throughout your subscription period—no limits or extra charges." }, { - "q": "How does ZeroThreat pricing compare to traditional DAST tools?", - "a": "ZeroThreat offers more cost-effective pricing compared to traditional DAST tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources." + "q": "How does ZeroThreat pricing compare to traditional pentesting tools? ", + "a": "ZeroThreat offers more cost-effective pricing compared to traditional pentesting tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources." }, { "q": "How do bulk purchases of credits or targets impact pricing?", diff --git a/public/prod/product.faq.json b/public/prod/product.faq.json index c633c7f..8e81aea 100644 --- a/public/prod/product.faq.json +++ b/public/prod/product.faq.json @@ -29,7 +29,7 @@ }, { "q": "Is Continuous Integration (CI/CD) available in the Free and Pay Per Scan plans?", - "a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Professional and Enterprise plans, which are designed to support automated security testing within your development pipelines." + "a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Enterprise Cloud and Enterprise On-Prem plans, which are designed to support automated security testing within your development pipelines." }, { "q": "Are there additional charges for integrations (CI/CD, ticketing, etc.)?", diff --git a/public/prod/scan.faq.json b/public/prod/scan.faq.json index 17e0f3c..7b0334d 100644 --- a/public/prod/scan.faq.json +++ b/public/prod/scan.faq.json @@ -1,7 +1,7 @@ [ { "q":"What happens during a scan? ", - "a":"During a scan, ZeroThreat systematically analyzes your web application or API to detect security vulnerabilities. Our intelligent crawler crawls the target, identifies all accessible endpoints and inputs, and simulates real-world attack techniques to uncover issues like SQL injection, XSS, and authentication flaws. " + "a":"During a scan, ZeroThreat maps the application attack surface, tests web applications and APIs for exploitable vulnerabilities, validates findings with proof-of-impact, and removes false positives using AI-driven verification. Depending on the scan mode, it can also execute authenticated workflows, CVE checks, custom templates, and business logic testing across multi-step attacker paths." }, { "q":"How long will a target scan take? ", @@ -29,7 +29,7 @@ }, { "q":"How often are vulnerabilities added or updated in ZeroThreat? ", - "a":"We consistently update our vulnerability database and scanning engine to efficiently detect threats based on the latest trends and reported CVEs. For example, recent data from CVE Details shows that the most reported vulnerabilities include XSS, SQL Injection, Memory Corruption, Code Execution, and Privilege Escalation. ZeroThreat adapts to these trends to ensure your applications are protected against the most common and critical security risks. " + "a":"ZeroThreat continuously updates its vulnerability intelligence and detection coverage. Newly disclosed CVEs are rapidly mapped into executable checks, often within hours of publication. The platform also updates detection logic for emerging threats, zero-day patterns, and community or custom templates through ongoing intelligence and OTA update mechanisms." }, { "q":"What do the severity levels in ZeroThreat\u2019s findings mean? ", diff --git a/public/stage/getting-started.faq.json b/public/stage/getting-started.faq.json index ae18449..2568cef 100644 --- a/public/stage/getting-started.faq.json +++ b/public/stage/getting-started.faq.json @@ -9,7 +9,7 @@ }, { "q":"What are the system requirements to use ZeroThreat? ", - "a":"ZeroThreat is a cloud-based Dynamic Application Security Testing (DAST) platform designed for ease of use and broad accessibility. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. " + "a":"ZeroThreat is a cloud-based penetration testing platform that requires only a modern web browser and internet connection. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. " }, { "q":"Does ZeroThreat require installation or is it cloud-based? ", @@ -62,7 +62,7 @@ }, { "q":"Why do I need continuous web application security testing if I already perform manual penetration tests? ", - "a":"Manual penetration tests are valuable, but they\u2019re typically periodic and may miss vulnerabilities introduced between test cycles. Continuous web application security testing with tools like ZeroThreat helps you catch threats in real-time as code changes are made. It ensures consistent monitoring, rapid detection, and quick remediation\u2014closing the gaps that manual testing alone can't cover. This proactive approach significantly reduces your risk of breaches, especially in agile or DevOps environments where application updates are frequent. " + "a":"Manual penetration tests provide point-in-time assessments, but modern applications change constantly through deployments, APIs, and third-party integrations. Continuous security testing helps identify newly introduced vulnerabilities, exposed attack paths, and emerging CVEs in real time, reducing the window between vulnerability introduction and detection while continuously validating exploitability and business impact. " }, { "q":"What all can I security test using ZeroThreat? ", @@ -70,7 +70,7 @@ }, { "q":"Is it safe to scan production environments with ZeroThreat?", - "a":"While ZeroThreat is designed with security in mind, we strongly running scans only in non-production environments. ZeroThreat performs active testing, which may generate high request volumes, modify data, or trigger alerts\u2014potentially impacting live systems. For safer and more controlled results, always scan in a staging or testing environment that closely mirrors production." + "a":"Yes. ZeroThreat is designed for production-safe security testing with safeguards to minimize service disruption. The platform uses controlled execution, intelligent rate handling, and exploit validation techniques to safely identify real vulnerabilities in live web applications and APIs without relying on destructive testing methods." }, { "q":"How long will it take for a security test to complete? ", diff --git a/public/stage/plans.faq.json b/public/stage/plans.faq.json index b50b61f..617db31 100644 --- a/public/stage/plans.faq.json +++ b/public/stage/plans.faq.json @@ -1,7 +1,7 @@ [ { - "q": "Is there a difference in features between Pay Per Scan and Professional plans?", - "a": "The Professional plan includes advanced features like CI/CD tools integration, Issue Tracking Integration, Schedule Scanning and Notification Tools integration, which are not available in the Pay Per Scan plan. However, all core scanning capabilities are consistently available across all plans." + "q": "Is there a difference in features between Professional Pay Per Scan and Professional plans?", + "a": "Yes. Both plans provide access to ZeroThreat’s core security testing capabilities, including web application and API scanning, vulnerability validation, and detailed reporting. The main difference is usage and scalability. Professional Pay Per Scan is designed for on-demand testing, while the Professional plan includes recurring scans, continuous testing workflows, and higher operational scale for ongoing security programs." }, { "q": "Can I scan multiple targets with the Pay Per Credit plan?", @@ -12,8 +12,8 @@ "a": "With the Target-based (Professional) plan, you get a 30-day cooling period that allows you to flexibly change your target as needed." }, { - "q": "Can I have multiple plans (Pay Per Credit + Professional) under one account?", - "a": "Yes, you can have both Pay Per Credit and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning—you can simply purchase a credit for that target while maintaining your Professional plan for others." + "q": "Can I have multiple plans (Professional Pay Per Scan + Professional) under one account?", + "a": "Yes, you can have both Professional Pay Per Scan and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning—you can simply purchase a credit for that target while maintaining your Professional plan for others." }, { "q": "How to get free Credits on ZeroThreat Platform?", diff --git a/public/stage/pricing.faq.json b/public/stage/pricing.faq.json index 73ec53e..5fbbb8c 100644 --- a/public/stage/pricing.faq.json +++ b/public/stage/pricing.faq.json @@ -12,8 +12,8 @@ "a": "Yes, you can run unlimited scans on any active target throughout your subscription period—no limits or extra charges." }, { - "q": "How does ZeroThreat pricing compare to traditional DAST tools?", - "a": "ZeroThreat offers more cost-effective pricing compared to traditional DAST tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources." + "q": "How does ZeroThreat pricing compare to traditional pentesting tools?", + "a": "ZeroThreat offers more cost-effective pricing compared to traditional pentesting tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources." }, { "q": "How do bulk purchases of credits or targets impact pricing?", diff --git a/public/stage/product.faq.json b/public/stage/product.faq.json index e9a6f47..dd85f6e 100644 --- a/public/stage/product.faq.json +++ b/public/stage/product.faq.json @@ -29,7 +29,7 @@ }, { "q": "Is Continuous Integration (CI/CD) available in the Free and Pay Per Scan plans?", - "a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Professional and Enterprise plans, which are designed to support automated security testing within your development pipelines." + "a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Enterprise Cloud and Enterprise On-Prem plans, which are designed to support automated security testing within your development pipelines." }, { "q": "Are there additional charges for integrations (CI/CD, ticketing, etc.)?", diff --git a/public/stage/scan.faq.json b/public/stage/scan.faq.json index 7587833..c71e481 100644 --- a/public/stage/scan.faq.json +++ b/public/stage/scan.faq.json @@ -1,7 +1,7 @@ [ { "q":"What happens during a scan? ", - "a":"During a scan, ZeroThreat systematically analyzes your web application or API to detect security vulnerabilities. Our intelligent crawler crawls the target, identifies all accessible endpoints and inputs, and simulates real-world attack techniques to uncover issues like SQL injection, XSS, and authentication flaws. " + "a":"During a scan, ZeroThreat maps the application attack surface, tests web applications and APIs for exploitable vulnerabilities, validates findings with proof-of-impact, and removes false positives using AI-driven verification. Depending on the scan mode, it can also execute authenticated workflows, CVE checks, custom templates, and business logic testing across multi-step attacker paths." }, { "q":"How long will a target scan take? ", @@ -29,7 +29,7 @@ }, { "q":"How often are vulnerabilities added or updated in ZeroThreat? ", - "a":"We consistently update our vulnerability database and scanning engine to efficiently detect threats based on the latest trends and reported CVEs. For example, recent data from CVE Details shows that the most reported vulnerabilities include XSS, SQL Injection, Memory Corruption, Code Execution, and Privilege Escalation. ZeroThreat adapts to these trends to ensure your applications are protected against the most common and critical security risks. " + "a":"ZeroThreat continuously updates its vulnerability intelligence and detection coverage. Newly disclosed CVEs are rapidly mapped into executable checks, often within hours of publication. The platform also updates detection logic for emerging threats, zero-day patterns, and community or custom templates through ongoing intelligence and OTA update mechanisms." }, { "q":"What do the severity levels in ZeroThreat\u2019s findings mean? ", From dceff23f22d22698c7ae301844de033714a90af5 Mon Sep 17 00:00:00 2001 From: "vijay.vaghela" Date: Wed, 20 May 2026 19:15:48 +0530 Subject: [PATCH 2/2] feat(ui): update installation page content --- .../01.DNS-binding-and-setup.md | 20 +++++++++++++++++-- .../docs/7.on-prem/02.installation/index.md | 2 +- main.css | 4 +++- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/content/docs/7.on-prem/02.installation/01.DNS-binding-and-setup.md b/content/docs/7.on-prem/02.installation/01.DNS-binding-and-setup.md index e37953b..0a615a2 100644 --- a/content/docs/7.on-prem/02.installation/01.DNS-binding-and-setup.md +++ b/content/docs/7.on-prem/02.installation/01.DNS-binding-and-setup.md @@ -104,7 +104,7 @@ sudo systemctl status nginx ``` :: -Nginx supports reverse proxying requests to backend services using `proxy_pass`, which is what allows the supported domain to route traffic to the local ZeroThreat service. ([**docs.nginx.com**](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/?utm_source=chatgpt.com)) +Nginx supports reverse proxying requests to backend services using `proxy_pass`, which is what allows the supported domain to route traffic to the local ZeroThreat service. ### Step 2: Configure Local Firewall Rules @@ -212,12 +212,27 @@ Replace `company.webscan.ai` with your actual supported domain. Replace `http://127.0.0.1:3203` with the local ZeroThreat URL or port shown after installation. +::hint{style="background-color:#f7fcff; border:1px solid #07405a33; color:#1e6995;" icon="circle-info" iconClass="text-sky-600"} + +##### **Increase Upload Size Limit** + +###### Some ZeroThreat On-Prem features require uploading project or template files through the portal. For example, Application Journeys / Playwright ZIP upload and Custom Attack Coverage ZIP upload may involve files larger than the default Nginx request body limit. + +###### By default, Nginx limits the client request body size to 1 MB. If an uploaded file exceeds this limit, Nginx can reject the request with a 413 Request Entity Too Large error before it reaches ZeroThreat. Nginx supports increasing this limit using the `client_max_body_size` directive inside the `http`, `server`, or `location` block. If you are using HTTPS, add the same directive inside the HTTPS server block as well. + +###### **Note**: If you are using Apache, an internal load balancer, an ingress controller, or another reverse proxy instead of Nginx, configure the equivalent request body or upload size limit there as well. Otherwise, large ZIP uploads may fail even if ZeroThreat itself supports the file size. + +:: + ::u-code ```nginx server { listen 80; + server_name company.webscan.ai; + client_max_body_size 100M; + location / { proxy_pass http://127.0.0.1:3203; @@ -235,7 +250,8 @@ server { ``` :: -Nginx reverse proxy configuration uses `proxy_pass` to forward requests to the backend service, and `proxy_set_header` can be used to pass the original host, client IP, and protocol details to the proxied service. ([**docs.nginx.com**](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/?utm_source=chatgpt.com)) + +Nginx reverse proxy configuration uses `proxy_pass` to forward requests to the backend service, and `proxy_set_header` can be used to pass the original host, client IP, and protocol details to the proxied service. Enable the site: diff --git a/content/docs/7.on-prem/02.installation/index.md b/content/docs/7.on-prem/02.installation/index.md index 71483d1..004fc51 100644 --- a/content/docs/7.on-prem/02.installation/index.md +++ b/content/docs/7.on-prem/02.installation/index.md @@ -13,7 +13,7 @@ This section walks you through installing ZeroThreat On-Prem using the CLI and a Before starting the installation, ensure the following requirements are met: * **Node.js**: Latest stable version installed -* **Disk space**: At least **15 GB of free disk space** for initial installation +* **Disk space**: At least 50-100 GB of free disk space for initial installation * **Internet access**: Required during installation to download system images > **Note**\ diff --git a/main.css b/main.css index 5dcfb8b..2169c9b 100644 --- a/main.css +++ b/main.css @@ -283,7 +283,9 @@ blockquote p { @apply leading-6 } -#alert-div h6:nth-of-type(2) { +#alert-div h6:nth-of-type(2), +#alert-div h6:nth-of-type(3), +#alert-div h6:nth-of-type(4) { @apply mt-2; }