Confirm vulnerabilities by safely triggering them — reflected XSS, error-based SQLi and open redirects, proven not guessed.
A finding you can reproduce is worth a hundred you can't. With your explicit consent, heimdallX crawls your own site, discovers injectable parameters, and safely probes them — reflecting a harmless marker for cross-site scripting, watching for database error signatures for SQL injection, and validating open-redirect behaviour. The result is proof-based DAST: findings you can trust because they were triggered, not inferred.
Proof-based scanning is how leading DAST engines kill false positives — instead of pattern-matching a response, the engine safely demonstrates the vulnerability. heimdallX marks these findings with an "active" exploit maturity, and they flow straight into the Validation Core, where confirmed exploitation outranks everything theoretical.
Active probing never runs by accident. It is gated behind an explicit consent flag, restricted to assets you've verified you own, uses only non-destructive HTTP GET probes, stays strictly same-origin, caps its request volume, and identifies itself with a dedicated user agent. No consent, no probing — the scan simply skips itself.
A bounded crawl follows links and GET forms from your homepage to discover parameters worth testing. Each candidate gets targeted, safe payloads: a verbatim reflection marker for XSS, a quote that elicits a DB error signature for SQLi, and a controlled redirect target for open redirects. Anything that triggers is captured as proof.
Verify asset ownership and explicit opt-in to active probing.
Bounded, same-origin crawl finds injectable parameters.
Safe payloads: marker reflection, DB-error, redirect.
Triggered findings flow into the Validation Core.
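The consent gate, ownership check, same-origin restriction, request cap, dedicated user agent and the three response checks described above, as an added Python example that is not heimdallX's own code. The class and function names, the marker value, the redirect target and the fake four-endpoint site it probes are all constructed assumptions; the point is that a finding is only recorded when the response actually shows the behaviour, with a baseline request ruling out pages that always display error text.

```python
"""Added illustration (not heimdallX code): the gating and response checks of a
proof-based DAST probe, run offline against a constructed fake site."""
import html
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit, urlunsplit

# Inert marker (constructed): if it comes back byte-for-byte, '<' and '>' were
# not encoded, so user input reaches the HTML unescaped. It contains no script.
XSS_MARKER = "hxprobe<7f3a>"
# Controlled redirect target (constructed) on a reserved TLD that never resolves.
REDIRECT_TARGET = "https://probe.invalid/"
# Well-known driver error strings that surface when a stray quote breaks a query.
DB_ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",                # MySQL
    r"unterminated quoted string",                          # PostgreSQL
    r"Unclosed quotation mark after the character string",  # SQL Server
    r"ORA-\d{5}",                                           # Oracle
]

@dataclass(frozen=True)
class ProbeConfig:
    target_origin: str           # scheme://host the user has verified they own
    ownership_verified: bool
    active_consent: bool         # the explicit opt-in flag
    max_requests: int = 50
    user_agent: str = "constructed-dast-probe/0.1"

@dataclass
class Response:
    status: int
    headers: dict
    body: str

@dataclass
class Finding:
    kind: str
    url: str
    param: str
    evidence: str
    exploit_maturity: str = "active"   # triggered, not inferred

class RequestBudget:
    """Hard cap on probe requests; once spent, remaining probes are skipped."""
    def __init__(self, cap):
        self.cap, self.used = cap, 0
    def take(self):
        if self.used >= self.cap:
            return False
        self.used += 1
        return True

def origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def probe_allowed(cfg, url):
    """Return None when probing `url` is permitted, else the reason it is skipped."""
    if not cfg.active_consent:
        return "no explicit consent to active probing"
    if not cfg.ownership_verified:
        return "asset ownership not verified"
    if origin(url) != cfg.target_origin.lower():
        return "off-origin URL"
    return None

def with_param(url, param, value):
    """Rewrite one query parameter, leaving the rest of the URL intact."""
    p = urlsplit(url)
    q = dict(parse_qsl(p.query, keep_blank_values=True))
    q[param] = value
    return urlunsplit(p._replace(query=urlencode(q)))

def db_error_signature(body):
    for pat in DB_ERROR_SIGNATURES:
        m = re.search(pat, body, re.I)
        if m:
            return m.group(0)
    return None

def probe_parameter(cfg, budget, url, param, fetch):
    """Run the three safe GET probes against one parameter; return triggered findings."""
    if probe_allowed(cfg, url):
        return []                                   # no consent, no probing
    def get(u):
        return fetch(u, {"User-Agent": cfg.user_agent}) if budget.take() else None
    findings = []
    baseline = get(url)
    if baseline is None:
        return findings
    current = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True)).get(param, "")
    # 1. Reflected XSS: the marker must come back verbatim, i.e. unencoded.
    r = get(with_param(url, param, XSS_MARKER))
    if r and XSS_MARKER in r.body:
        findings.append(Finding("reflected-xss", url, param, f"marker {XSS_MARKER!r} reflected unencoded"))
    # 2. Error-based SQLi: one trailing quote elicits a DB error the baseline lacks.
    r = get(with_param(url, param, current + "'"))
    if r and db_error_signature(r.body) and not db_error_signature(baseline.body):
        findings.append(Finding("error-based-sqli", url, param, f"DB error: {db_error_signature(r.body)!r}"))
    # 3. Open redirect: a 3xx whose Location resolves to our controlled origin.
    r = get(with_param(url, param, REDIRECT_TARGET))
    if r and 300 <= r.status < 400:
        loc = urljoin(url, r.headers.get("Location", ""))
        if origin(loc) == origin(REDIRECT_TARGET):
            findings.append(Finding("open-redirect", url, param, f"{r.status} -> {loc}"))
    return findings

def fake_fetch(url, headers):
    """Constructed stand-in for HTTP GET: a four-endpoint site, no network."""
    p = urlsplit(url)
    q = dict(parse_qsl(p.query, keep_blank_values=True))
    if p.path == "/search":   # echoes q into HTML without escaping
        return Response(200, {}, f"<h1>Results for {q.get('q', '')}</h1>")
    if p.path == "/safe":     # same page, output properly escaped
        return Response(200, {}, f"<h1>Results for {html.escape(q.get('q', ''))}</h1>")
    if p.path == "/item":     # a quote in id breaks the query
        if "'" in q.get("id", ""):
            return Response(500, {}, "Error: You have an error in your SQL syntax near ''''")
        return Response(200, {}, "<p>item</p>")
    if p.path == "/go":       # redirects wherever `next` points
        return Response(302, {"Location": q.get("next", "/")}, "")
    return Response(404, {}, "not found")

if __name__ == "__main__":
    cfg = ProbeConfig("https://shop.example", ownership_verified=True, active_consent=True)
    budget = RequestBudget(cfg.max_requests)
    for u, prm in [("https://shop.example/search?q=shoes", "q"), ("https://shop.example/safe?q=shoes", "q"),
                   ("https://shop.example/item?id=7", "id"), ("https://shop.example/go?next=/", "next")]:
        for f in probe_parameter(cfg, budget, u, prm, fake_fetch):
            print(f.kind, f.param, f.evidence)
    print("requests used:", budget.used)
```

Two design choices carry the "proven, not guessed" idea: the XSS marker contains angle brackets but no script, so a correctly escaping page (the `/safe` endpoint) produces no finding, and the SQLi check compares against a baseline response so a page that always prints driver error text is not reported. Swapping `fake_fetch` for a real GET function would add network I/O without changing any of the gating or classification logic.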
Stop chasing severity. Rank by what's actually exploitable — EPSS probability, CISA KEV, and proven reachability.
See findings the way an adversary chains them — mapped to MITRE ATT&CK tactics and techniques.
Watch your external footprint change over time — new hosts, shadow IT and disappearing assets, run after run.
Run your first scan in under two minutes. Free, no credit card, real findings.