These docs are for v1.1. Click to read the latest docs for v1.2.

What is Bright DAST?

Build Secure Apps & APIs. Fast.

Bright is a powerful dynamic application & API security testing (DAST) platform. With its powerful automation and integration capabilities, Bright allows developers to scan multiple targets, uncover security vulnerabilities without false positives, get detailed reports on every finding, and quickly fix security issues by following the remediation guidelines.


  • Automatically Tests Every Aspect of Your Apps & APIs
    Scans any target, whether Web Apps, APIs (REST & SOAP, GraphQL & more), or mobile, providing actionable reports.
  • Spin-Up, Configure, and Control Scans with Code
    One file. One command. One scan. No UI is needed.
  • Super-Fast Scans
    Interacts with applications and APIs, instead of just crawling them and guessing.
    Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
  • No False Positives
    Stop chasing ghosts and wasting time. Bright doesn’t return false positives, so you can focus on releasing code.
  • Comprehensive Security Testing
    Bright tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE - and uncommon vulnerabilities, such as business logic.

Interaction options

Bright provides the following options for interacting with its engine. These can be used for all Bright deployment options (SaaS, private cloud, Repeater mode).

Integration capabilities

You can integrate Bright with your development and management tools to simplify and automate the process of testing your applications and APIs. You can start scans, view detailed reports on every detected vulnerability, and solve security issues without leaving your development environment.

Bright enables you to configure integration with your CI pipelines or ticketing systems using the Bright App, CLI, or API. To simplify access to the Bright account, you can also use the Single Sign On (SSO) capabilities. Some integrations require valid predefined API keys that you should create in the Bright App.

What’s Next