Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 18 additions & 2 deletions content/docs/7.on-prem/02.installation/01.DNS-binding-and-setup.md
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ sudo systemctl status nginx
```
::

Nginx supports reverse proxying requests to backend services using `proxy_pass`, which is what allows the supported domain to route traffic to the local ZeroThreat service. ([**docs.nginx.com**](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/?utm_source=chatgpt.com))
Nginx supports reverse proxying requests to backend services using `proxy_pass`, which is what allows the supported domain to route traffic to the local ZeroThreat service.


### Step 2: Configure Local Firewall Rules
Expand Down Expand Up @@ -212,12 +212,27 @@ Replace `company.webscan.ai` with your actual supported domain.

Replace `http://127.0.0.1:3203` with the local ZeroThreat URL or port shown after installation.

::hint{style="background-color:#f7fcff; border:1px solid #07405a33; color:#1e6995;" icon="circle-info" iconClass="text-sky-600"}

##### **Increase Upload Size Limit**

###### Some ZeroThreat On-Prem features require uploading project or template files through the portal. For example, Application Journeys / Playwright ZIP upload and Custom Attack Coverage ZIP upload may involve files larger than the default Nginx request body limit.

###### By default, Nginx limits the client request body size to 1 MB. If an uploaded file exceeds this limit, Nginx can reject the request with a 413 Request Entity Too Large error before it reaches ZeroThreat. Nginx supports increasing this limit using the `client_max_body_size` directive inside the `http`, `server`, or `location` block. If you are using HTTPS, add the same directive inside the HTTPS server block as well.

###### **Note**: If you are using Apache, an internal load balancer, an ingress controller, or another reverse proxy instead of Nginx, configure the equivalent request body or upload size limit there as well. Otherwise, large ZIP uploads may fail even if ZeroThreat itself supports the file size.

::

::u-code
```nginx
server {
listen 80;

server_name company.webscan.ai;

client_max_body_size 100M;

location / {
proxy_pass http://127.0.0.1:3203;

Expand All @@ -235,7 +250,8 @@ server {
```
::

Nginx reverse proxy configuration uses `proxy_pass` to forward requests to the backend service, and `proxy_set_header` can be used to pass the original host, client IP, and protocol details to the proxied service. ([**docs.nginx.com**](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/?utm_source=chatgpt.com))

Nginx reverse proxy configuration uses `proxy_pass` to forward requests to the backend service, and `proxy_set_header` can be used to pass the original host, client IP, and protocol details to the proxied service.

Enable the site:

Expand Down
2 changes: 1 addition & 1 deletion content/docs/7.on-prem/02.installation/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ This section walks you through installing ZeroThreat On-Prem using the CLI and a
Before starting the installation, ensure the following requirements are met:

* **Node.js**: Latest stable version installed
* **Disk space**: At least **15 GB of free disk space** for initial installation
* **Disk space**: At least 50-100 GB of free disk space for initial installation
* **Internet access**: Required during installation to download system images

> **Note**\
Expand Down
4 changes: 3 additions & 1 deletion main.css
Original file line number Diff line number Diff line change
Expand Up @@ -283,7 +283,9 @@ blockquote p {
@apply leading-6
}

#alert-div h6:nth-of-type(2) {
#alert-div h6:nth-of-type(2),
#alert-div h6:nth-of-type(3),
#alert-div h6:nth-of-type(4) {
@apply mt-2;
}

Expand Down
11 changes: 4 additions & 7 deletions public/assets/getting-started.faq.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
},
{
"q":"What are the system requirements to use ZeroThreat? ",
"a":"ZeroThreat is a cloud-based Dynamic Application Security Testing (DAST) platform designed for ease of use and broad accessibility. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. "
"a":"ZeroThreat is a cloud-based penetration testing platform that requires only a modern web browser and internet connection. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. "
},
{
"q":"Does ZeroThreat require installation or is it cloud-based? ",
Expand All @@ -35,7 +35,6 @@
"q":"What authentication methods does ZeroThreat support? ",
"a":"ZeroThreat supports a wide range of authentication mechanisms through its Chrome Extension, making it easy to scan even complex authenticated areas. You don\u2019t need to manually configure tokens or headers\u2014just use the extension to record a login sequence or use active user session. It handles form-based logins, CAPTCHA challenges, multi-factor authentication (2FA\/MFA), OTPs, and other interactive login flows by capturing real browser behavior. This approach ensures that ZeroThreat can access and scan secure sections of your application without requiring static credential input. "
},

{
"q":"How does ZeroThreat ensure my data is secure? ",
"a":"ZeroThreat ensures data security through: \n\n- End-to-End Encryption: SSL\/TLS for secure data transmission. \n- Zero Trust Architecture: Every access request is verified. \n- Compliance: Adheres to GDPR and data privacy regulations. \n- Data Scan & Storage Location: Choose where your data is scanned and stored in real-time. "
Expand All @@ -62,15 +61,15 @@
},
{
"q":"Why do I need continuous web application security testing if I already perform manual penetration tests? ",
"a":"Manual penetration tests are valuable, but they\u2019re typically periodic and may miss vulnerabilities introduced between test cycles. Continuous web application security testing with tools like ZeroThreat helps you catch threats in real-time as code changes are made. It ensures consistent monitoring, rapid detection, and quick remediation\u2014closing the gaps that manual testing alone can't cover. This proactive approach significantly reduces your risk of breaches, especially in agile or DevOps environments where application updates are frequent. "
"a":"Manual penetration tests provide point-in-time assessments, but modern applications change constantly through deployments, APIs, and third-party integrations. Continuous security testing helps identify newly introduced vulnerabilities, exposed attack paths, and emerging CVEs in real time, reducing the window between vulnerability introduction and detection while continuously validating exploitability and business impact. "
},
{
"q":"What all can I security test using ZeroThreat? ",
"a":"ZeroThreat enables comprehensive security testing across a wide range of targets. You can test modern web applications (including SPAs), APIs (Postman, gRPC), and authenticated pages. ZeroThreat also scans for a wide spectrum of vulnerabilities\u2014like XSS, SQLi, misconfigurations, and access control issues\u2014while integrating seamlessly into CI\/CD pipelines for continuous security. "
},
{
"q":"Is it safe to scan production environments with ZeroThreat?",
"a":"While ZeroThreat is designed with security in mind, we strongly running scans only in non-production environments. ZeroThreat performs active testing, which may generate high request volumes, modify data, or trigger alerts\u2014potentially impacting live systems. For safer and more controlled results, always scan in a staging or testing environment that closely mirrors production."
"a":"Yes. ZeroThreat is designed for production-safe security testing with safeguards to minimize service disruption. The platform uses controlled execution, intelligent rate handling, and exploit validation techniques to safely identify real vulnerabilities in live web applications and APIs without relying on destructive testing methods. "
},
{
"q":"How long will it take for a security test to complete? ",
Expand All @@ -88,6 +87,4 @@
"q":"How to Scan in ZeroThreat if I have WAF setup?",
"a":"If your WAF is blocking ZeroThreat requests, ensure it allows traffic whose User-Agent includes the ZeroThreat AI Bot signature. Look for `ZeroThreatAIBot` in the header (versions may vary), for example:`Mozilla/5.0 (Windows NT 10.0; Win64; x64; compatible; +https://zerothreat.ai/sos) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 ZeroThreatAIBot 0.0.65.` Enabling this signature ensures the scanner can access your target without interference from the WAF."
}
]


]
8 changes: 4 additions & 4 deletions public/assets/plans.faq.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[
{
"q": "Is there a difference in features between Pay Per Scan and Professional plans?",
"a": "The Professional plan includes advanced features like CI/CD tools integration, Issue Tracking Integration, Schedule Scanning and Notification Tools integration, which are not available in the Pay Per Scan plan. However, all core scanning capabilities are consistently available across all plans."
"q": "Is there a difference in features between Professional Pay Per Scan and Professional plans?",
"a": "Yes. Both plans provide access to ZeroThreat’s core security testing capabilities, including web application and API scanning, vulnerability validation, and detailed reporting. The main difference is usage and scalability. Professional Pay Per Scan is designed for on-demand testing, while the Professional plan includes recurring scans, continuous testing workflows, and higher operational scale for ongoing security programs."
},
{
"q": "Can I scan multiple targets with the Pay Per Credit plan?",
Expand All @@ -12,8 +12,8 @@
"a": "With the Target-based (Professional) plan, you get a 30-day cooling period that allows you to flexibly change your target as needed."
},
{
"q": "Can I have multiple plans (Pay Per Credit + Professional) under one account?",
"a": "Yes, you can have both Pay Per Credit and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanning you can simply purchase a credit for that target while maintaining your Professional plan for others."
"q": "Can I have multiple plans (Professional Pay Per Scan + Professional) under one account?",
"a": "Yes, you can have both Professional Pay Per Scan and Professional plans under a single account. This is especially useful if you have a target that requires less frequent scanningyou can simply purchase a credit for that target while maintaining your Professional plan for others."
},
{
"q": "How to get free Credits on ZeroThreat Platform?",
Expand Down
4 changes: 2 additions & 2 deletions public/assets/pricing.faq.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@
"a": "Yes, you can run unlimited scans on any active target throughout your subscription period—no limits or extra charges."
},
{
"q": "How does ZeroThreat pricing compare to traditional DAST tools?",
"a": "ZeroThreat offers more cost-effective pricing compared to traditional DAST tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources."
"q": "How does ZeroThreat pricing compare to traditional pentesting tools?",
"a": "ZeroThreat offers more cost-effective pricing compared to traditional pentesting tools or vulnerability scanners, with no hidden fees for features like authentication, unlimited scans, or API testing. Our annual subscription plans provide superior value by integrating automated vulnerability detection and remediation, reducing manual efforts and saving your team time and resources."
},
{
"q": "How do bulk purchases of credits or targets impact pricing?",
Expand Down
2 changes: 1 addition & 1 deletion public/assets/product.faq.json
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
},
{
"q": "Is Continuous Integration (CI/CD) available in the Free and Pay Per Scan plans?",
"a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Professional and Enterprise plans, which are designed to support automated security testing within your development pipelines."
"a": "No, CI/CD is not available in the Free and Pay Per Scan plans. This feature is only included in the Enterprise Cloud and Enterprise On-Prem plans, which are designed to support automated security testing within your development pipelines."
},
{
"q": "Are there additional charges for integrations (CI/CD, ticketing, etc.)?",
Expand Down
4 changes: 2 additions & 2 deletions public/assets/scan.faq.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[
{
"q":"What happens during a scan? ",
"a":"During a scan, ZeroThreat systematically analyzes your web application or API to detect security vulnerabilities. Our intelligent crawler crawls the target, identifies all accessible endpoints and inputs, and simulates real-world attack techniques to uncover issues like SQL injection, XSS, and authentication flaws. "
"a":"During a scan, ZeroThreat maps the application attack surface, tests web applications and APIs for exploitable vulnerabilities, validates findings with proof-of-impact, and removes false positives using AI-driven verification. Depending on the scan mode, it can also execute authenticated workflows, CVE checks, custom templates, and business logic testing across multi-step attacker paths."
},
{
"q":"How long will a target scan take? ",
Expand Down Expand Up @@ -29,7 +29,7 @@
},
{
"q":"How often are vulnerabilities added or updated in ZeroThreat? ",
"a":"We consistently update our vulnerability database and scanning engine to efficiently detect threats based on the latest trends and reported CVEs. For example, recent data from CVE Details shows that the most reported vulnerabilities include XSS, SQL Injection, Memory Corruption, Code Execution, and Privilege Escalation. ZeroThreat adapts to these trends to ensure your applications are protected against the most common and critical security risks. "
"a":"ZeroThreat continuously updates its vulnerability intelligence and detection coverage. Newly disclosed CVEs are rapidly mapped into executable checks, often within hours of publication. The platform also updates detection logic for emerging threats, zero-day patterns, and community or custom templates through ongoing intelligence and OTA update mechanisms."
},
{
"q":"What do the severity levels in ZeroThreat\u2019s findings mean? ",
Expand Down
11 changes: 4 additions & 7 deletions public/prod/getting-started.faq.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
},
{
"q":"What are the system requirements to use ZeroThreat? ",
"a":"ZeroThreat is a cloud-based Dynamic Application Security Testing (DAST) platform designed for ease of use and broad accessibility. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. "
"a":"ZeroThreat is a cloud-based penetration testing platform that requires only a modern web browser and internet connection. Since it operates entirely in the cloud, there are no specific hardware or software requirements for running scans or accessing the platform. You can use ZeroThreat from any modern device with an internet connection and a web browser. "
},
{
"q":"Does ZeroThreat require installation or is it cloud-based? ",
Expand All @@ -35,7 +35,6 @@
"q":"What authentication methods does ZeroThreat support? ",
"a":"ZeroThreat supports a wide range of authentication mechanisms through its Chrome Extension, making it easy to scan even complex authenticated areas. You don\u2019t need to manually configure tokens or headers\u2014just use the extension to record a login sequence or use active user session. It handles form-based logins, CAPTCHA challenges, multi-factor authentication (2FA\/MFA), OTPs, and other interactive login flows by capturing real browser behavior. This approach ensures that ZeroThreat can access and scan secure sections of your application without requiring static credential input. "
},

{
"q":"How does ZeroThreat ensure my data is secure? ",
"a":"ZeroThreat ensures data security through: \n\n- End-to-End Encryption: SSL\/TLS for secure data transmission. \n- Zero Trust Architecture: Every access request is verified. \n- Compliance: Adheres to GDPR and data privacy regulations. \n- Data Scan & Storage Location: Choose where your data is scanned and stored in real-time. "
Expand All @@ -54,11 +53,11 @@
},
{
"q":"Why do I need continuous web application security testing if I already perform manual penetration tests? ",
"a":"Manual penetration tests are valuable, but they\u2019re typically periodic and may miss vulnerabilities introduced between test cycles. Continuous web application security testing with tools like ZeroThreat helps you catch threats in real-time as code changes are made. It ensures consistent monitoring, rapid detection, and quick remediation\u2014closing the gaps that manual testing alone can't cover. This proactive approach significantly reduces your risk of breaches, especially in agile or DevOps environments where application updates are frequent. "
"a":"Manual penetration tests provide point-in-time assessments, but modern applications change constantly through deployments, APIs, and third-party integrations. Continuous security testing helps identify newly introduced vulnerabilities, exposed attack paths, and emerging CVEs in real time, reducing the window between vulnerability introduction and detection while continuously validating exploitability and business impact. "
},
{
"q":"Is it safe to scan production environments with ZeroThreat?",
"a":"While ZeroThreat is designed with security in mind, we strongly running scans only in non-production environments. ZeroThreat performs active testing, which may generate high request volumes, modify data, or trigger alerts\u2014potentially impacting live systems. For safer and more controlled results, always scan in a staging or testing environment that closely mirrors production."
"a":"Yes. ZeroThreat is designed for production-safe security testing with safeguards to minimize service disruption. The platform uses controlled execution, intelligent rate handling, and exploit validation techniques to safely identify real vulnerabilities in live web applications and APIs without relying on destructive testing methods. "
},
{
"q":"How long will it take for a security test to complete? ",
Expand All @@ -76,6 +75,4 @@
"q":"How to Scan in ZeroThreat if I have WAF setup?",
"a":"If your WAF is blocking ZeroThreat requests, ensure it allows traffic whose User-Agent includes the ZeroThreat AI Bot signature. Look for `ZeroThreatAIBot` in the header (versions may vary), for example:`Mozilla/5.0 (Windows NT 10.0; Win64; x64; compatible; +https://zerothreat.ai/sos) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 ZeroThreatAIBot 0.0.65.` Enabling this signature ensures the scanner can access your target without interference from the WAF."
}
]


]
Loading
Loading