

Product · Inside every pentest

One pipeline. Two pentest modes.

The AI penetration testing pipeline behind every Pentrova engagement. Everything below runs in every engagement. No tier-gating. No add-ons. No noise.

Web App Pentesting and API Pentesting are how you point Pentrova at a target. The capabilities below run inside every engagement: testing adapts to what your application reveals, every finding is verified against the live target, exploits are reproduced inside a sealed sandbox, and confirmed findings are escalated into business-impact paths.

Six capabilities, one pipeline

Each capability is covered in its own section below. They work together as one engagement — recon, adaptive testing, verification, sandbox PoC, and escalation. None of them are tier-gated; pricing scales on portfolio scope, not pipeline features.

What runs in which pentest mode

Every Pentrova engagement is one of two modes. The capabilities below describe how each mode exercises a target.

Capability matrix across Web App Pentesting and API Pentesting

Capability                                                            Web App Pentesting   API Pentesting
Read-only reconnaissance                                              yes                  yes
Adaptive test planner                                                 yes                  yes
Live-target finding verification                                      yes                  yes
Sandbox PoC validation (Critical / High findings)                     yes                  yes
Authorization Matrix (multi-role replay)                              yes                  yes
Attack chain escalation                                               yes                  yes
LLM-driven login (SPA / OAuth / SAML / MFA)                           yes                  no
JS-rendered crawl coverage                                            yes                  no
DOM XSS canary taint tracking (browser-only signal)                   yes                  no
OpenAPI / Postman / GraphQL / Protobuf / WSDL parsers                 no                   yes
Six auth modes (bearer / API key / basic / OAuth 2 / custom / mTLS)   no                   yes

Capability deep-dives

Capability · Adaptive test planner

Testing adapts to the application

Instead of a fixed test list, Pentrova adapts the test plan to what your application reveals — concentrating effort where the attack surface is richest and skipping what does not apply. Every decision is logged with its reasoning so the run is fully auditable after the fact.

Capability · Authorization Matrix

Multi-role replay. Real privilege bypasses, not theoretical risks.

Declare as many roles as your app models — owner, admin, member, viewer, external, unauthenticated — and Pentrova establishes a fresh authenticated session per role. Every endpoint is exercised under every role; reference responses are captured per role; then Pentrova replays every request with every other role’s session and compares deterministically. Differences that indicate access (a 200 where a 403 was expected, disclosed identifiers, unexpected write confirmation) are flagged as violations with the full request/response pair attached as evidence.
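The replay-and-compare loop described above, as an added example; this is not Pentrova's code and the target it runs against is an in-memory stand-in, not a live application. The roles, the declared access policy, the invoice data, the session tokens and the two deliberate access-control bugs in the target are all constructed for illustration. The comparison is deterministic: same status and same normalised body shape, shared identifiers, or a 2xx on a write method, each recorded with the reference and replay response pair as evidence.

```python
"""Added example (not Pentrova code): differential multi-role replay against a
constructed in-memory target. Every name here is an assumption for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    tenant: str | None   # None = unauthenticated
    token: str           # one fresh session per role (empty = no session)


ROLES = [
    Role("admin", "A", "tok-admin"),
    Role("member", "A", "tok-member"),
    Role("external", "B", "tok-external"),
    Role("unauthenticated", None, ""),
]

# Declared intent: which roles may use which request. This is the only policy
# input; everything else is derived from how the target actually responds.
ALLOW = {
    ("GET", "/invoices/1"): {"admin", "member"},
    ("GET", "/admin/users"): {"admin"},
    ("DELETE", "/invoices/1"): {"admin"},
}

# Constructed target with two deliberate access-control bugs:
#   * GET /invoices/<id> never checks the caller's tenant (BOLA / IDOR)
#   * DELETE /invoices/<id> is not restricted to admins
# /admin/users is correctly admin-only.
INVOICES = {1: {"tenant": "A", "total": "100.00", "billing": "cfo@tenant-a.example"}}
SESSIONS = {r.token: r for r in ROLES if r.token}


def fake_app(method: str, path: str, token: str) -> tuple[int, str]:
    caller = SESSIONS.get(token)
    if caller is None:
        return 401, "unauthenticated"
    if path == "/admin/users":
        return (200, "users=alice,bob") if caller.name == "admin" else (403, "forbidden")
    m = re.fullmatch(r"/invoices/(\d+)", path)
    if m and int(m.group(1)) in INVOICES:
        inv = INVOICES[int(m.group(1))]
        if method == "GET":
            return 200, f"total={inv['total']} billing={inv['billing']}"
        if method == "DELETE":
            return 200, f"deleted invoice {m.group(1)}"
    return 404, "not found"


def shape(body: str) -> str:
    """Mask volatile numbers so the comparison is structural, not byte-exact."""
    return re.sub(r"\d+", "#", body)


def identifiers(body: str) -> set[str]:
    """Values whose appearance in another role's response is itself evidence."""
    return set(re.findall(r"[\w.+-]+@[\w-]+\.[\w.-]+", body))


WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def run_matrix(app, roles, allow) -> list[dict]:
    """Capture reference responses per role, replay every request under each
    role the policy excludes, and flag responses that indicate access."""
    reference = {(r.name, req): app(*req, r.token) for r in roles for req in allow}
    violations = []
    for req, allowed in allow.items():
        refs = [(a, *reference[(a, req)]) for a in sorted(allowed)
                if reference[(a, req)][0] // 100 == 2]
        for b in roles:
            if b.name in allowed:
                continue
            b_status, b_body = app(*req, b.token)      # replay with b's session
            for a_name, a_status, a_body in refs:
                reasons = []
                if b_status == a_status and shape(b_body) == shape(a_body):
                    reasons.append("equivalent success")
                if identifiers(a_body) & identifiers(b_body):
                    reasons.append("disclosed identifiers")
                if req[0] in WRITE_METHODS and b_status // 100 == 2:
                    reasons.append("unexpected write confirmation")
                if reasons:
                    violations.append({
                        "request": req, "reference_role": a_name, "replay_role": b.name,
                        "reasons": reasons,
                        "evidence": {"reference": (a_status, a_body), "replay": (b_status, b_body)},
                    })
                    break           # one violation per (request, replay role)
    return violations


if __name__ == "__main__":
    for v in run_matrix(fake_app, ROLES, ALLOW):
        print(v["request"], v["replay_role"], v["reasons"])
```

Against the constructed target this yields three violations: the external tenant reading invoice 1 (equivalent success plus a disclosed billing address), and both non-admin roles receiving a write confirmation on DELETE. Against a real target the replays of write methods are the ones that need the sandbox guardrails described later on this page; the in-memory stand-in never mutates state, so replaying DELETE here is harmless.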

Capability · DOM XSS taint

Canary taint. Comprehensive DOM sink coverage.

Reflected XSS fuzzing cannot catch DOM-only bugs. Pentrova plants unique canaries in six controlled sources, then instruments the page to follow them through every read and every write until a sink fires. The full sink list is published in the Trust Center.

  • Cookies

    Canary tokens planted in readable cookies and traced through document.cookie reads.

  • window.name

    Canary placed in window.name before navigation and tracked through JS reads.

  • postMessage

    Controlled postMessage events with canary payloads and targeted origins.

  • URL hash

    Canaries in location.hash traced through URL parsing and DOM updates.

  • URL search

    Canaries in location.search traced through query parsing and DOM writes.

  • Referrer

    Controlled document.referrer value traced through any JS that reads it.

DOM XSS taint is a browser-side signal and runs only in Web App Pentesting engagements — API Pentesting has no DOM surface.

Capability · Sandbox PoC

Sealed sandbox. Sanitised exploits, every time.

For every confirmed Critical or High finding, the sandbox renders a sanitised proof-of-concept exploit. Destructive payloads are swapped for read-only equivalents, customer data is redacted at the boundary, and the resulting artifact replays without Pentrova’s control plane — engineering can re-run the exploit from the audit pack alone.

Capability · Attack chains

One bug becomes a business-impact path

Confirmed findings feed the chain resolver. Pentrova ships a curated catalog of escalation chains and adds dynamic LLM-built chains at scan time when the catalog does not already encode a path between two findings. Both kinds are verified against the live target the same way, so the evidence quality is identical.

  • SQLi → FileRead → RCE

    1. Union-based SQL injection on a search field
    2. INTO OUTFILE writes a webshell to the document root
    3. Webshell executes id/whoami under the app user

    Impact: Full remote code execution on the application host

  • SSRF → CloudMeta

    1. Server-side request forgery on a URL-import feature
    2. Agent pivots to the cloud metadata service
    3. Instance role credentials exfiltrated

    Impact: Instance IAM role takeover and downstream cloud access

  • LFI → RCE

    1. Path-traversal LFI on a template parameter
    2. Log poisoning via a User-Agent header
    3. LFI reads the poisoned log as executable content

    Impact: Remote code execution on the application worker

  • SSTI → RCE

    1. Server-side template injection in a profile field
    2. Sandbox escape via class-loader lookup
    3. Command execution through the runtime subprocess

    Impact: Deterministic remote code execution inside the template engine

  • XXE → SSRF

    1. XML external entity injection on an invoice upload
    2. External DTD forces an internal HTTP GET
    3. SSRF reaches metadata or admin endpoints

    Impact: Internal network read and cloud credential exposure

  • CSRF → Account Takeover

    1. Missing SameSite and missing token on the settings form
    2. CSRF changes the recovery email
    3. Password reset hands the attacker the account

    Impact: Account takeover via cross-site request forgery
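A catalog-driven resolver over the six chains listed above, as an added example; it is not Pentrova's chain resolver. The catalog edges, the recon facts that gate each step, the confirmed findings and the impact labels are constructed for illustration, and two things the page describes are deliberately not modelled: live-target verification of each step, and the LLM-built dynamic chains used when the catalog has no path. The preconditions on each edge are the practitioner's caveats (an INTO OUTFILE write needs the FILE privilege and a writable document root; log poisoning needs a readable log path), and every edge skipped for a missing precondition is recorded so the run stays auditable.

```python
"""Added example (not Pentrova code): catalog-driven escalation-chain resolver.
Edges, facts, findings and impact labels are constructed assumptions."""

# (from_class, to_class, step description, facts recon must have observed)
CATALOG = [
    ("SQLi", "FileWrite", "INTO OUTFILE writes a webshell to the document root",
     {"mysql", "file_priv", "docroot_known"}),   # needs FILE privilege and a writable docroot
    ("FileWrite", "RCE", "webshell executes id/whoami under the app user", set()),
    ("SSRF", "CloudMeta", "pivot to the cloud metadata service", {"cloud_hosted"}),
    ("CloudMeta", "IAMTakeover", "instance role credentials exfiltrated", set()),
    ("LFI", "LogPoison", "log poisoning via a User-Agent header", {"log_path_readable"}),
    ("LogPoison", "RCE", "LFI reads the poisoned log as executable content", set()),
    ("SSTI", "SandboxEscape", "sandbox escape via class-loader lookup", set()),
    ("SandboxEscape", "RCE", "command execution through the runtime subprocess", set()),
    ("XXE", "SSRF", "external DTD forces an internal HTTP GET", {"external_entities_enabled"}),
    ("CSRF", "RecoveryEmailChange", "CSRF changes the recovery email", {"settings_form_unprotected"}),
    ("RecoveryEmailChange", "AccountTakeover", "password reset hands the attacker the account", set()),
]

# Nodes that count as a business-impact endpoint of a chain.
IMPACT = {
    "RCE": "remote code execution on the application host",
    "IAMTakeover": "instance IAM role takeover and downstream cloud access",
    "AccountTakeover": "account takeover via cross-site request forgery",
    "SSRF": "internal network read",
}


def resolve_chains(findings, facts, catalog=CATALOG, impact=IMPACT, max_depth=5):
    """Return (chains, skipped): every acyclic catalog path from a confirmed
    finding to an impact node whose preconditions all hold, plus the edges
    skipped for a missing precondition (kept so the decision is auditable)."""
    edges = {}
    for src, dst, step, requires in catalog:
        edges.setdefault(src, []).append((dst, step, requires))
    chains, skipped = [], []
    facts = set(facts)

    def walk(start, node, path, seen):
        if node in impact and path:          # a bare finding is not yet a chain
            chains.append({"start": start, "steps": [s for _, s in path],
                           "impact": impact[node]})
        if len(path) >= max_depth:
            return
        for dst, step, requires in edges.get(node, []):
            if dst in seen:                   # no cycles
                continue
            missing = requires - facts
            if missing:
                skipped.append((node, dst, sorted(missing)))
                continue
            walk(start, dst, path + [(dst, step)], seen | {dst})

    for finding in findings:
        walk(finding, finding, [], {finding})
    return chains, skipped


if __name__ == "__main__":
    found, held = resolve_chains(["SQLi", "SSRF", "CSRF"],
                                 {"mysql", "file_priv", "docroot_known", "cloud_hosted"})
    for c in found:
        print(c["start"], "->", " -> ".join(c["steps"]), "=>", c["impact"])
    for node, dst, missing in held:
        print(f"skipped {node}->{dst}: missing {missing}")
```

With confirmed SQLi, SSRF and CSRF findings and the facts shown, the resolver produces the SQLi → FileWrite → RCE and SSRF → CloudMeta → IAM takeover chains and records that CSRF → recovery-email change was held back because the settings form was not observed to be unprotected. Because XXE feeds into the SSRF node, a confirmed XXE on a cloud-hosted target yields both the internal-read chain and the longer metadata chain, which is the generalisation the catalog structure gives for free.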

Capability · Agent library

Six capability families

Pentrova’s agent library is grouped by remit, not by name. Internal agent counts and the exhaustive inventory live behind the product console; the public surface here is the shape of the coverage so you can map it to your application boundaries before the call.

  • Read-only reconnaissance

    Observe traffic, DOM, headers, and responses without sending exploit payloads. Read-only by design, which is what lets Pentrova run safely against live systems.

    • Response-header policy posture (CSP, HSTS, CORS, cookies)
    • DOM-structure capture after framework hydration
    • Client-bundle map and orphaned endpoint discovery
    • Session-lifecycle cookie auditing
  • Injection

    Exercise classic injection classes — SQLi, command injection, LFI/RFI, SSTI — with conservative payload budgets and out-of-band confirmation. Every finding is verified before it reaches your queue.

    • SQL injection across common dialects
    • Command metacharacter probing with OOB confirmation
    • Path traversal and local file inclusion
    • Server-side template injection with sandbox-escape detection
  • Access control

    Prove privilege bypasses through cross-role and cross-tenant replay. The Authorization Matrix above is the public face of this family.

    • Broken object-level authorization (BOLA / IDOR)
    • Elevated-function access from under-privileged sessions
    • Cross-tenant read and write replay
  • Business logic

    Encode application-specific invariants — pricing, workflow order, rate and quota guards. These are findings a generic scanner can never ship because only the application knows what "broken" looks like.

    • Price and currency manipulation
    • Workflow-ordering and state-machine bypass
    • Rate-limit and race-window characterisation
  • Protocol & API

    Exercise modern API surfaces — REST, GraphQL, gRPC, SOAP, JSON-RPC, WebSocket — with parser-aware payloads tuned to each transport.

    • GraphQL introspection, persisted queries, subscriptions
    • gRPC reflection exposure, authentication, and metadata checks
    • SOAP / WSDL with WS-Security and custom XSD imports
    • WebSocket and Protobuf message exercising
  • Post-exploitation

    Once a beachhead is confirmed, post-exploitation agents pivot deterministically — cloud metadata reads, file exfiltration, lateral movement — under sandbox guardrails.

    • Cloud-metadata role enumeration
    • Confirmed-LFI file exfiltration
    • Sandbox-bound command execution traces
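A read-only posture check of the kind the reconnaissance family describes (response-header policy for CSP, HSTS, CORS and cookies), as an added example; this is not Pentrova's agent code. The two captured responses, the attacker origin and the one-year HSTS threshold are constructed assumptions. Nothing here sends a payload: the only input is a response already on the wire, plus the Origin the request carried, which is what makes credentialed CORS reflection observable without exploitation.

```python
"""Added example (not Pentrova code): read-only response-header posture check.
Responses, origin and thresholds are constructed assumptions."""
import re

ATTACKER_ORIGIN = "https://attacker.example"   # Origin header the probe request carried

WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example
Access-Control-Allow-Origin: https://attacker.example
Access-Control-Allow-Credentials: true
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example; object-src 'none'
Access-Control-Allow-Origin: https://app.example
Vary: Origin
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Header list (names lower-cased) from a raw response; repeats are kept."""
    out = []
    for line in raw.strip().splitlines()[1:]:        # drop the status line
        name, sep, value = line.partition(":")
        if sep:
            out.append((name.strip().lower(), value.strip()))
    return out


def values(headers, name):
    return [v for n, v in headers if n == name]


def posture(raw: str, request_origin: str) -> list[dict]:
    """Inspect one captured response and return policy-posture findings."""
    h = parse_headers(raw)
    findings = []

    def flag(check, detail):
        findings.append({"check": check, "detail": detail})

    # HSTS: one year is the usual deployment floor; subdomains should be covered.
    hsts = values(h, "strict-transport-security")
    if not hsts:
        flag("hsts-missing", "no Strict-Transport-Security header")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        age = int(m.group(1)) if m else 0
        if age < 31536000:
            flag("hsts-max-age", f"max-age {age} is below one year")
        if "includesubdomains" not in hsts[0].lower():
            flag("hsts-subdomains", "includeSubDomains not set")

    # CSP: script sources must not permit inline scripts or wildcard hosts.
    csp = values(h, "content-security-policy")
    if not csp:
        flag("csp-missing", "no Content-Security-Policy header")
    else:
        directives = {}
        for d in csp[0].split(";"):
            parts = d.split()
            if parts:
                directives[parts[0].lower()] = [p.lower() for p in parts[1:]]
        script = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script:
            flag("csp-unsafe-inline-script", "script-src permits 'unsafe-inline'")
        if any(s in ("*", "data:", "http:", "https:") for s in script):
            flag("csp-wildcard-script", f"script-src allows broad source in {script}")

    # CORS: reflecting the caller's Origin together with credentials lets any
    # site read authenticated responses.
    acao = values(h, "access-control-allow-origin")
    creds = any(v.lower() == "true" for v in values(h, "access-control-allow-credentials"))
    if acao and acao[0] == request_origin and creds:
        flag("cors-credentialed-reflection", f"Origin {request_origin} reflected with credentials")
    elif acao and acao[0] == "*" and creds:
        flag("cors-wildcard-credentials", "wildcard origin combined with credentials")

    # Cookies: session-lifecycle attributes. HttpOnly is only demanded of
    # cookies whose name suggests a session or token, to keep the signal clean.
    for sc in values(h, "set-cookie"):
        name = sc.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in sc.split(";")[1:]}
        if "secure" not in attrs:
            flag("cookie-secure", f"{name} lacks Secure")
        if "samesite" not in attrs:
            flag("cookie-samesite", f"{name} lacks SameSite")
        if re.search(r"sess|token|auth|jwt", name, re.I) and "httponly" not in attrs:
            flag("cookie-httponly", f"{name} lacks HttpOnly")
    return findings


if __name__ == "__main__":
    for f in posture(WEAK_RESPONSE, ATTACKER_ORIGIN):
        print(f["check"], "-", f["detail"])
    print("hardened:", posture(HARDENED_RESPONSE, ATTACKER_ORIGIN))
```

The weak response produces eight findings (short HSTS max-age without includeSubDomains, inline scripts permitted, the attacker's Origin reflected with credentials, and both cookies missing Secure and SameSite); the hardened response produces none against the same attacker Origin, because it answers with a fixed allowed origin and carries every cookie attribute.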

Frequently asked questions

Inside every pentest — questions

  • Are these features I have to buy separately?
    No. The adaptive test planner, the Authorization Matrix, DOM XSS taint, Sandbox PoC, and the chain resolver run inside every Pentrova engagement. Pricing tiers gate scope (target count, retest window, retention) and Enterprise-only services — they do not gate which capabilities run.
  • How do these capabilities relate to Web App Pentesting and API Pentesting?
    Web App Pentesting and API Pentesting are the two ways to point Pentrova at a target. Everything on this page is the shared pipeline both modes run through. The compatibility matrix above shows which capabilities apply to each mode.
  • Can Pentrova invent vulnerabilities that are not really there?
    Every finding is verified against the live target before it ships, and Critical and High findings are reproduced inside the sandbox with a captured request/response and a reproducible command. Anything that cannot be substantiated never reaches your queue.
  • Are chains safe to run against production?
    Yes. Exploit steps run under sandbox guardrails, destructive actions are held back in favour of read-only equivalents, and engagements can be scoped per target. The recommended pattern is full chains in staging and conservative runs against production.
  • Can I see the exact source-to-sink path on a DOM XSS finding?
    Yes. Each finding includes the call-site for the source read, every intermediate transformation the canary passed through, and the final sink write — with a trimmed stack trace and a reproducible URL.
  • How many roles can the Authorization Matrix test?
    As many as your application defines. Most teams start with four to six (owner, admin, member, viewer, external, unauthenticated) and add tenants for multi-tenant platforms.
  • Why are the exact agent counts not published?
    A raw inventory count helps competitors more than buyers. The capability areas on this page describe what we cover; the detailed inventory is available to prospects under evaluation.
Integrations

Findings flow into Slack, Microsoft Teams, Discord, email, and custom webhooks. CI gating templates ship for GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure Pipelines, and Bitbucket.

Open Integrations →

Next step

Start your first pentest.

No sales call. No setup fee. Proof in minutes.
