Security testing for founders & solo devs

Find the security holes in your app before hackers do.

Point Sable at your site. Autonomous agents scan it like a real attacker would, then hand you the exact bugs, and the code to fix them. Built for founders and solo devs, not enterprise security teams.

150 free credits on signup. No credit card. Enough for multiple full scans.
Real finding · redactedCRITICAL · CVSS 9.1
Broken access control (IDOR): any logged-in user could read every other user's profile.
GET /api/users/{id} → change the id, get someone else's data
See the full report
Founder CVE: CVE-2026-22778 · CVSS 9.8Five specialist agents · isolated infraOWASP Top 10PoC repo per finding
sable · console
roster · 5 agents
pen-scoutLIVE
Scope · engagement plan
Reads the target. Writes the rules of engagement.
mapping attack surface · 4 endpoints found
pen-reconLIVE
External recon · subdomain mapping
Enumerates surface. Flags staging envs.
3 subdomains · 1 staging exposed.
pen-triageIDLE
Scanner output · false-positive cull
Reads Nuclei, ZAP, semgrep. Keeps the real ones.
awaiting scan output
pen-fixerIDLE
Diff-grade remediations
Writes the patch. Cites the disclosure.
idle
pen-complianceQUEUED
SOC2 · ISO27001 evidence pack
Renders findings into auditor-ready PDFs.
queued · 1 job
/scope /scan /triage /fix /compliancecredits · 25
THE PROBLEM

AI-generated code ships fast. It also ships the bugs.

Cursor, v0, Bolt, Lovable generate functional code in seconds. They do not sanitize inputs, validate tokens, or check authorization. Your AI assistant is an intern who ships to production.

45%AI code · OWASP Top 10 vuln40%Copilot code · vulnerableMissing authorization checks

Sources: Veracode 2025 GenAI Code Security Report (45% of AI-generated samples across 100+ LLMs introduced OWASP Top 10 flaws) · Pearce et al., “Asleep at the Keyboard,” IEEE S&P 2022 (~40% of 1,689 GitHub Copilot programs vulnerable).

What we see, every week

A query missing a single ownership check, and every user becomes admin.

Broken access control (BOLA/IDOR) is the #1 category in the OWASP Top 10. It lands in shipped code because the LLM completed the query, then skipped the predicate that proves the caller owns the row.

api/user/[id]/route.tsBOLA · critical
// AI-generated handler, no ownership check
const user = await db.user.findFirst({
  where: { id: req.params.id },
});

// pen-triage would add:
//   where: { id: req.params.id, ownerId: session.uid }
//   ↑ one predicate. every record stays private.
HOW IT WORKS

Three steps. No onboarding call.

From signup to a scoped pentest in under five minutes. Everything runs in your browser; everything bills by the credit.

01Free

Sign up, 150 free credits

No card. Magic-link auth. You land in the console with Scout already waiting.

02Five specialists

Pick an agent

Scout writes the engagement plan. Recon maps the surface. Triage reads scanner output. Fixer ships diffs. Compliance preps your evidence pack.

03From $29

Need depth? Run a scan.

When chat hits its limit, hand off to a one-time pentest ($29, $79, or $199) without leaving the thread.

CREDITS

Pay only what you use. No seats. No contracts.

Credits power agent turns. A scope conversation is 4. A recon job is 6. Compliance evidence is 5. Top up when you need.

OR: NEED A ONE-TIME PENTEST INSTEAD?

Skip the chat. Fixed scope, fixed price, PDF in 24-48h. Pick a tier below.

SCAN TIERS

Fixed scope. Fixed price.

No enterprise pricing. No monthly fees. One scan, one PDF, PoC repos included.

Secure checkout · USD · No subscription

Pre-Launch Check

Perfect for MVPs and landing pages

$39$29USD

Landing pages, portfolios, simple MVPs

  • Security headers analysis
  • Exposed secrets detection
  • CORS misconfiguration check
  • Basic OWASP coverage
  • PDF report in 24-48h
  • Email support
Most picked

Founder Shield

For SaaS with user data

$99$79USD

SaaS apps, user auth, payment flows

  • Everything in Pre-Launch Check
  • BOLA / IDOR vulnerability testing
  • API endpoint discovery
  • Authentication flow analysis
  • Full OWASP Top 10 coverage
  • 30-min consultation call
  • Priority support

Scale Secure

Complete security assessment

$299$199USD

Funded startups, enterprise clients

  • Everything in Founder Shield
  • SQLi & XSS deep testing
  • Infrastructure scanning
  • Compliance report (OWASP, PCI)
  • Re-test after fixes included
  • Slack/Discord support channel
  • Security badge for your site

Traditional pentesting firms charge $10,000 to $50,000+ for the same coverage.

Compare plans

FeaturePre-LaunchFounder ShieldScale Secure
Security Headers
Secrets Detection
CORS Check
Basic OWASP
Full OWASP Top 10
BOLA / IDOR Testing
API Discovery
Auth Flow Analysis
SQLi & XSS Deep Test
Infrastructure Scan
Consultation Call30 min60 min
Re-test After Fixes
Compliance Report
Delivery Time24-48h2-3 days3-5 days
50% money back if we find zero issues

Reports include compliance mapping for

OWASPPCI-DSSHIPAAGDPRSOC 2
ONGOING COVERAGE

Continuous monitoring, billed monthly.

One-time scans catch today's issues. Continuous plans keep watching, with automated re-scans, alerts, and reporting every month. Billed immediately, cancel anytime.

24/7 monitoring
Auto re-scan
Instant alerts
Always covered

Starter

Essential monitoring for small projects

$49/moUSD

Billed monthly · cancel anytime

  • Weekly automated scans
  • 1 domain included
  • Email alerts
  • OWASP Top 10 coverage
  • Monthly security report
Most popular

Pro

Complete protection for growing startups

$149/moUSD

Billed monthly · cancel anytime

  • Daily automated scans
  • 3 domains included
  • Slack & Discord alerts
  • Full vulnerability coverage
  • Real-time dashboard
  • API endpoint monitoring
  • Compliance tracking

Enterprise

Maximum security for scale-ups

$399/moUSD

Billed monthly · cancel anytime

  • Continuous 24/7 scanning
  • Unlimited domains
  • All alert channels + PagerDuty
  • Advanced threat detection
  • Custom dashboard & reports
  • Dedicated response team
  • API access + custom integrations
Cancel anytime. No long-term contracts, no setup fees.
PROVEN RESULTS

Real startups. Real vulnerabilities.

Anonymized findings from real security assessments. No brand names, just stacks, vulnerabilities, and outcomes.

Mobile App Backend

Social Media Startup

24h delivery
Risk: 9.2/10
Node.js + Custom Server
2Critical
3High
4Medium
Server fully compromised: unauthorized access confirmed
Real IP exposed behind CDN, bypassing DDoS protection
Directory listing enabled: source code and configs accessible
Report delivered in 24h. Critical infrastructure rebuilt from scratch.
SaaS Platform

EdTech Startup

24h delivery
Risk: 7.2/10
Next.js + Supabase
4High
5Medium
SSRF vulnerability via known CVE: internal network access possible
Server IP exposed through DNS misconfiguration
Insecure cookies and missing HSTS headers
All high-severity issues patched within 72 hours.
Desktop App + Landing

AI Startup

24h delivery
Risk: 7.8/10
React + Discord + Electron
1Critical
1High
2Medium
Discord webhook token exposed in client code: full channel takeover
Hardcoded API credentials in desktop app bundle
Missing Content Security Policy on landing page
Webhook rotated and secrets moved to backend within 24 hours.
Online Raffle Platform

E-commerce Startup

24h delivery
Risk: 5.5/10
Next.js + Supabase + Stripe
1High
4Medium
TLS 1.0/1.1 still enabled: vulnerable to downgrade attacks
Supabase project URL disclosed in client-side code
Missing CSP allows potential XSS exploitation
TLS hardened and security headers implemented same week.
Exam Certification App

EdTech Platform

48h delivery
Risk: 6.4/10
React + Vercel + REST API
3High
4Medium
11 vulnerabilities found across web app and API
Sensitive exam data accessible through API enumeration
Missing rate limiting on authentication endpoints
Full remediation completed before platform launch.
Corporate Website

Industrial Tech

24h delivery
Risk: 5.8/10
WordPress + Custom Plugins
2High
3Medium
Outdated WordPress plugins with known CVEs
Admin login page exposed without brute-force protection
Sensitive internal paths disclosed via error pages
Plugins updated, WAF configured, admin hardened.

A reproducible PoC for every finding · all anonymized · stacks & findings only

HOW WE COMPARE

Autonomous + researcher-grade.

Most security tools force a tradeoff: speed (AI scanners) or depth (traditional firms). Sable runs both: autonomous scans on isolated Kali, then validated by humans who file CVEs.

Capability
Sable
Traditional firms
AI-only scanners
Delivery time
24-48h
2-4 weeks
Continuous
Starting price
$29
$10,000+
Free to $200/mo
OWASP Top 10 coverage
Manual validation
AI-code / LLM app audit
Rare
Limited
Startup-stack specialization
Supabase · Next.js · Vercel
Generic
Generic
Published CVEs
3
Varies
None
Fix guidance in report
Code-level
High-level
Generic
Money-back guarantee
50% if no findings

Comparison data from public pricing pages and standard SaaS pentest deliverables · Q2 2026

FREE CHECKLIST

Free: Startup security checklist

15-point checklist covering the most common security mistakes in AI-built MVPs.

No spam. PDF downloads instantly when you submit.

FAQ

Questions, answered.

Everything founders ask before their first scan: is it safe, do I need to be technical, what do I get, and how the free credits work.