Pricing

Pay for proof, not noise. Every on-demand plan is backed by our guarantee — no high or critical finding, you don't pay.

Xora On-Demand
On-Demand Autonomous Pentest
Xora Continuous
Automated Continuous Pentesting at Scale
Standard Pentest
$4,000
per assessment

Time-boxed, fixed-scope exploit validation for a single application and its primary APIs. Best for lightweight apps with a modest set of CRUD resources, simple workflows, and low integration complexity.


Output
Compliance-ready report — SOC 2, ISO 27001, HIPAA, GDPR & 40+ frameworks
Depth of Test
One application, one set of APIs — depth of a 2-week manual penetration test
  • Detailed proof-of-concept exploits
  • Real-world attack simulation
  • Blackbox, Whitebox, or Greybox testing
  • End-to-end application scanning
  • Enterprise-grade accuracy
  • Auditor-accepted reports
  • Actionable remediation guidance
  • Autofix findings
  • Free, instant re-testing with automated verification
  • Same-day results
  • Deploy on-demand
  • Role-based access testing
  • Frictionless auth testing (2FA, Magic Link, Email)
No High or Critical Finding = Don't Pay
✦ Most popular
Rightsized Pentest
$960 – $30,000+
scoped to your application

Priced to match your app. Xora analyzes your repos, endpoints, and roles, then sets the right scope automatically. Best for platforms with multiple modules, integrations, and multi-step workflows.


Output
Compliance-ready report — SOC 2, ISO 27001, HIPAA, GDPR & 40+ frameworks
Depth of Test
Coverage scales with your application — depth of a 4-week manual penetration test
  • Everything in Standard, plus:
  • Scope set automatically from your repos
  • Multi-service & multi-repo applications
  • Deeper coverage for complex applications
  • Ideal for complex or large platforms
No High or Critical Finding = Don't Pay
Continuous Testing
Custom
tailored to your org

Ongoing offensive security that tests every release automatically. New code ships, new tests run. Best for organizations running continuous delivery at scale.


Output
Continuous reports & real-time findings, plus continuous security hardening
Scope
Always-on, scales with your releases
  • Everything in Rightsized, plus:
  • Pentest on every deploy
  • Continuous offensive coverage
  • Broker support for internal applications
  • Early access to new vulnerability coverage
  • Enterprise SLA & support
  • Training & onboarding
  • Dedicated success manager