Pricing - ArmoScan | Dynamic Application Security Testing

7-day trial

Starter

Essential DAST scanning for a single domain

£499/mo

billed monthly

1 FQDN (domain) + 1 ArmoTunnel
All 474+ security plugins
1 concurrent scan
HTML + JSON reports
OWASP Top 10 mapping
Email notifications
REST API access
No recurring scans
No monitoring

Start 7-Day Trial

Professional

Full-spectrum DAST for security teams

£1,999/mo

billed monthly

5 FQDNs (domains) + 5 ArmoTunnels
All 474+ security plugins
3 concurrent scans
PDF + HTML + JSON + CSV reports
OWASP + PCI-DSS compliance
Email + webhook notifications
Recurring + scheduled scans
Cross-scan deduplication
Scan comparison + profiling
Basic monitoring
Email support (48h SLA)

Start 7-Day Trial

7-day trial

MSSP

Multi-tenant enterprise DAST platform

£3,599/mo

multi-tenant, billed monthly

10 FQDNs (domains) + 10 ArmoTunnels
Multi-tenant (custom subdomain)
All 474+ plugins + custom
10 concurrent scans
White-label reports + SLA compliance
Advanced monitoring + threat detection
176+ YARA malware rules
Infrastructure security grade (A+ to F)
Asset discovery + file mapping
Signed audit logs + export
Full API + SDK + MCP Server access
100 users per tenant
Priority support (4h SLA)

Contact Sales

Feature Comparison

Detailed breakdown of what's included in each plan.

Feature	Starter	Professional	MSSP
FQDNs (Domains)	1	5	10
ArmoTunnel	1 tunnel	5 tunnels	10 tunnels
Tenants	Single	Single	Multi-tenant
Concurrent Scans	1	3	10
Security Plugins	All 474+	All 474+	All + Custom
Recurring Scans
Report Formats	HTML, JSON	PDF, HTML, JSON, CSV	All + White-label
Compliance	OWASP Top 10	+ PCI-DSS	+ Custom Frameworks
Notifications	Email	Email + Webhook	+ Slack/Teams
Cross-Scan Dedup
Scan Comparison
API Access	REST API	REST API	Full + SDK
MCP Server Access
Audit Logging	Basic	Signed chain	Signed + Export
Basic Monitoring
Advanced Monitoring			Full + Threats
YARA Malware Scanning			176+ built-in + Custom
Custom Subdomain
Support	Community	Email (48h)	Priority (4h SLA)

Frequently Asked Questions

Dynamic Application Security Testing (DAST) analyzes running web applications to find security vulnerabilities. Unlike SAST which examines source code, DAST tests applications as an attacker would, sending requests and analyzing responses to identify vulnerabilities like SQL injection, XSS, authentication bypasses, and more.

Tunnel scanning uses ArmoTunnel to test applications running on localhost or your internal network — the app is never exposed to the internet. FQDN scanning tests publicly accessible domains (e.g., app.example.com). All plans include both FQDN scanning and ArmoTunnel — the number of tunnels matches your FQDN allowance (Starter: 1, Professional: 5, MSSP: 10).

ArmoTunnel is a lightweight CLI tool (~25MB) that creates a secure reverse tunnel from your machine to ArmoScan's scanning infrastructure. It allows you to security-test local, staging, and intranet applications without exposing them to the internet. Download it from the Developers page.

Sign up and get full access to all Professional plan features for 7 days — no credit card required. Run unlimited scans with all 474+ plugins, generate compliance reports, and evaluate the platform with your own applications. When your trial ends, choose a plan to continue or your account will be paused.

Yes, annual billing saves 20% compared to monthly billing. Toggle "Annual" above to see discounted pricing.

Payments are processed securely by Paddle, our merchant of record. Paddle handles payment processing, tax calculation, invoicing, and subscription management. You can pay with credit card, PayPal, Apple Pay, or Google Pay.

Yes, you can upgrade at any time and the prorated difference is charged immediately. Downgrades take effect at the end of the current billing period. Your scan history, findings, and reports are preserved across plan changes.

Choose Your Plan

Starter

Professional

MSSP

Feature Comparison

Frequently Asked Questions

Ready to Secure Your Applications?