Overview
Product Information on Astra
What is Astra?
Astra Pricing
Overall experience with Astra
“Platform Enhances API Security Visibility Yet Faces Initial Setup And Maturity Challenges”
“Good Tool for beginners ”
About Company
Company Description
Astra Pentest is comprehensive platform featuring an automated vulnerability scanner, manual pentest capabilities, and an all-purpose vulnerability management dashboard that helps you streamline every step of the pentest process - from detection and prioritizations of vulnerabilities to collaborative remediation. Our Pentest platform emulates hackers behavior to find critical vulnerabilities in your application Web App, Mobile App, SaaS, APIs, Cloud Infrastructure (AWS/Azure/GCP), Network Devices (Firewall, Router, Server, Switch, Printer, Camera, etc), Blockchain/Smart Contract, and more proactively.
Company Details
Do You Manage Peer Insights at Astra Security?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: Astra
Deciding Factors: Astra Vs. Market Average
Performance of Astra Across Market Features
Astra Likes & Dislikes
Overall Astra has been a positive addition to our API security posture. Helped us uncover several undocumented and forgotten endpoints that we did not even know existed in our eco system., the continuous scan model fits with our shift left mindset. The user interface is clean and, importantly, it's developer friendly. The reporting feature is clear enough for both developers and security teams to act on the findings quickly. Some of the key features we liked : Traffic driven discovery of API's and the ability to detect shadow, zombie and orphan endpoints automatically Using a hybrid model with automated scans plus optional manual pen testing, this helped us in catching logic flaw type issues that pure automation can miss. Lastly, the CI/CD pipelines and the relatively low friction setup.
ease of use
CI/CD integration with Jenkins and GitLab shifts our security left, so devs can fix issues before production faster. Compliance ready reports for PCI DSS and SOC2 cut our compliance preparation time in half. The support team responds quite faster than traditional support teams, and help us understand root causes very well.
The main pain point we had during are around the initial setup complexity and maturity of some of the integrations. Depending on how the API ecosystem is structured, we may need to spend more time than expected. Some of the dashboards and connectors are still evolving. so sometimes its DIY.
that it has no fuzzing capabilities
Manual penetration testing add ons end up being quite expensive for a mid tier firm like us. Pricing scales very aggressively beyond 500 endpoints, and the overall documentation was thin - we had to rely on support tickets rather than self-guided documentation for deployment and integration.
Top Astra Alternatives
Peer Discussions
Astra Reviews and Ratings
- Head Of Cyber Defense Center<50M USDIT ServicesReview Source
Platform Enhances API Security Visibility Yet Faces Initial Setup And Maturity Challenges
Astra's platform gives very good visibility into shadow, zombie and undocumented APIs and integrates well into DevSecOps, but we feel like it's a product still evolving and works best if its paired with manual pen test support. - Chief Information Security Officer50M-1B USDTelecommunicationReview Source
Effective API Coverage Offset By Aggressive Pricing and Limited Self-Help Resources
Astra API Security has proven overall to be very effective for our automated discovery and continuous scanning of shadow APIs, covering OWASP Top 10 and IDOR with more than a thousand test cases for our internal tools testing and REST API endpoints. Low false positives and responsive support helps our devs fix issues 40% faster. - Dgm, It Security And Risk Management50M-1B USDTelecommunicationReview Source
Platform Excels in Real Time API Discovery and Automated Test Coverage
This platform provides value on two things that solve many API issues i.e. visible and actionable testing. In my experience, traffic-based discovery reliably surfaces zombie APIs, and the automated scanning applies an extensive set of test cases, so findings are broad and frequent. It also integrates human pen testers into the workflow to reduce false positives. My overall experience with this API security is good. - VP, IT SECURITY AND RISK MANAGEMENT<50M USDBankingReview Source
Effective Pen Testing Service Offers Strong Documentation and Collaborative Support
First, based on our research this is the most effective way to get Pen Testing performed. We have used them for the last two annual cycles. A good combination of online service and personal service with account rep - Growth Hacker Lead50M-1B USDSoftwareReview Source
Smooth Onboarding and Responsive Support Enhance Astra’s User Experience
Astra is easy to use and a solid platform that's got the fundamentals right - quick setup, good reporting and responsive support. A few improvements in revalidation speed and scanning will make it even better. Overall they deliver a reliable and frictionless experience.