Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
Product Update – January 2021

Product Update – January 2021

Admir Dizdar

A lot is happening with Bright! Here are some updates and new features that will make your experience even better.

New Features

Introducing a new scan status: Disrupted


With the news scan status of Disrupted, you can now easily distinguish scans that were stopped due to recoverable issues on the user’s side, for example:

  • When the repeater is no longer available during an active scan
  • When the target is not responding for X minutes (5 minutes by default)
  • When the scan finds no valid entry-points, due to incorrect configuration (missing authentication, no valid responses, etc.)
  • When a scheduled scan cannot start due to a configuration issue (file unavailable, repeater unavailable, etc.) The disruption event details are also recorded to Engine Notifications.

View your scans!


New Version of Okta Integration


We’ve made improvements to how you manage your team’s access to Bright’s scanner using Okta SSO. The Bright integration app is now available on the Okta marketplace. With this app, you can easily configure SSO integration via both OIDC and SAML protocols. You can also take advantage of the provisioning feature to automatically synchronize users and groups between your Okta application and your Bright organization.

Go to Okta Marketplace!

Project Level API Keys


To provide with more flexibility and control of how your teams access Bright, we added the ability to create and use API keys at the project level.

Check out the docs and learn more!

Brower-Based Authentication Improvements


We improved our form field detection algorithm to be able to look up the target field not only by name but also by labels, placeholders, and even unique HTML object IDs. That will make the process of configuring the authentication form quick and easy! Just write the name of the field as you see it, and our browser will find it in the form automatically. Easy!

Try it out!

Multi-step Browser-based Authentication


We extended the browser-based authentication configurations to support multiple steps, where you can easily specify your application’s unique login sequences.

Try it out!

General UI improvements


Check out our design improvements to the New Scan window to improve your user experience!

Start a new scan

General Performance improvements


Various improvements for Engine performance and stability for handling edge-cases during the discovery stage, and significant improvement to XSS testing


DORA: Exploring The Path to Financial Institutions’ Resilience

DORA (Digital Operational Resilience Act) is the latest addition to the EU regulatory arsenal. A framework designed to bolster the cyber resilience of financial entities operating within the EU. But let’s face it: there’s no lack of regulations issued by the European Union legislature, and they’re not exactly known for keeping things light and easy.

IASTless IAST – The SAST to DAST Bridge

Streamline appsec with IASTless IAST. Simplify deployment, enhance accuracy, and boost your security posture by combining SAST and Bright’s DAST.

Bringing DAST security to AI-generated code

AI-generated code is basically the holy grail of developer tools of this decade. Think back to just over two years ago; every third article discussed how there weren’t enough engineers to answer demand; some companies even offered coding training for candidates wanting to make a career change. The demand for software and hardware innovation was

Get our newsletter