Is Barrion a penetration test?

Barrion has two scanning modes. The plans on this page run passive, automated scans that never send payloads or attempt logins, safe for production. For active, agent-driven testing with proof-of-exploit (SQLi, XSS, IDOR, SSRF, business logic), see AI pentesting, which is scoped per engagement.

Does Barrion scan behind a login or authenticated areas?

No. Barrion only scans pages reachable without credentials: public-facing URLs and their linked pages up to the plan's crawl limit. It cannot test dashboards, account settings, or any URL requiring a session. This makes it safe to run in production.

What compliance frameworks can I use Barrion reports for?

Paid plan exports are designed as audit evidence for SOC 2 (CC6.x security controls), PCI DSS (Requirements 6 and 12), and ISO 27001. Reports include a timestamped security score, severity-categorized findings, and remediation status.

How is the Barrion security score calculated?

Each security check carries a weighted score based on its CVSS-derived severity. The overall score (0 to 100) is the ratio of achieved score to maximum possible. Scores are tracked across every scan so you can see whether your security posture is improving, stable, or declining over time.

Can I cancel my Barrion subscription at any time?

Yes. You can cancel directly in the dashboard, no emails or support tickets needed. Paid plans also include a 14-day refund window from your first charge.

Pricing

Plans that fit how you ship.

Name: Barrion
Availability: InStock
Author: Barrion

Free first scan, no signup. Paid plans add advanced security checks, continuous monitoring, alerts and audit-ready reports. AI pentesting is scoped per engagement.

Free

$0/mo

No credit card required.

Get started

18 core security checks
Passive, read-only scans
Step-by-step remediation
Security score history
PDF report export
3 pages, 5 scans/day

Essential

$39/mo

7 days free, then $39/mo.

Start free trial

Everything in Free, plus:
+17 advanced checks
Continuous monitoring (1 domain)
Email alerts
GitHub + codebase scanning
SOC 2 / ISO 27001 / PCI reports
20 pages, 50 scans/day
Priority support

Business

$179/mo

7 days free, then $179/mo.

Start free trial

Everything in Essential, plus:
Daily monitoring (10 domains)
Slack & Teams alerts
20 GitHub repos
AI-enhanced codebase scanning
CI/CD scan on commit/PR
200 pages, 500 scans/day
Dedicated support

Enterprise

Custom

For larger teams & estates.

Everything in Business, plus:
Deeper security coverage
Greater scale & volume
Advanced integrations
Tailored to your needs

Compare plans side-by-side

Need deeper testing?

Real penetration testing, on demand.

On-demand active engagement that probes for SQL injection, IDOR, SSRF, broken access control, and business-logic abuse, with reproducible proof-of-exploit. Scoped per engagement, separate from the monitoring plans above.

See AI Pentesting

Compare plans

Side-by-side, feature by feature.

Feature	Free	Essential	Business
Security checks	18	35+	35+
Standard remediation guidance	✓	✓	✓
Security knowledge base	✓	✓	✓
Security score trend history	✓	✓	✓
AI Stack Guidance	3/month	Unlimited*	Unlimited*
Manual scans per day	5	50	500
Pages per scan (crawling)	3	20	200
GitHub Repo Connections	0	1	20
Code Scan	–	Rule-based	Rule-based + AI-Enhanced
AI Remediation PRs	–	5/month	Unlimited*
CI/CD Triggers	–	–	✓
Report export	PDF summary	Board-ready & audit-ready PDF	Board-ready & audit-ready PDF + CSV
Continuous monitoring	–	1 domain + subdomains, weekly scanning	10 domains + subdomains, daily scanning
Vulnerability alerts	–	Email	Email, Slack, Teams
Support	Basic	Standard	Priority

FAQ

Frequently asked.

What is Barrion and how does it enhance website security?

Barrion is a security testing and monitoring platform for engineering teams, covering three products: passive DAST that continuously watches your live web apps and APIs, SAST via GitHub that scans your codebase for secrets, insecure patterns and vulnerable dependencies, and AI pentesting that runs active, agent-driven attacks with proof-of-exploit. Findings come with step-by-step fixes you can ship immediately.

How safe is Barrion to use for security testing?

Every default Barrion scan is 100% passive and read-only. We never submit forms, brute-force endpoints or interact with state-changing routes, so it's safe to run against production.

What types of security issues does Barrion identify?

Barrion is a security testing and monitoring platform, so coverage spans three surfaces. Passive DAST flags misconfigurations across TLS/HTTPS, security headers, cookie flags, CORS policy, DNS records, email authentication (SPF/DKIM/DMARC), network exposure and common web hygiene issues. SAST via GitHub finds secrets in code, insecure patterns and vulnerable dependencies. AI pentesting adds exploitable findings like SQL injection, XSS and broken access control with proof-of-exploit.

What specific security checks does Barrion perform?

Barrion checks TLS/HTTPS configuration, HTTP security headers, cookie flags, CORS policy, DNS and email authentication records, network exposure and common web hygiene issues, then prioritises them by severity with clear remediation.

What is Barrion's smart crawling?

Smart crawling automatically discovers the pages and endpoints of your app so scans cover the surface that matters, without you manually listing every URL.

How often does Barrion perform security scans?

Manual scans on demand. Continuous monitoring runs automatically on Essential (weekly+) and Business (daily), and alerts you the moment a new issue appears.

Is Barrion suitable for security testing of all business sizes?

Yes. Barrion is a security testing and monitoring platform, with passive DAST, SAST via GitHub and AI pentesting available to solo developers, startups, scale-ups and enterprise security teams alike, without adding headcount.

How does Barrion handle data security and privacy during security testing?

Scans are passive and read-only by default, and we never store or expose sensitive data from your application. Pentests are rate-limited and non-destructive, designed to confirm exploitability without altering data or affecting availability.

What if I'm not satisfied with Barrion's security testing service?

Paid plans start with a free trial, and you can cancel anytime. If something isn't right, contact us and we'll make it work for your team.

How does Barrion help with SOC 2, ISO 27001, NIS2, and other compliance frameworks?

Barrion produces audit-ready PDF and CSV reports suitable for SOC 2, ISO 27001, PCI DSS and NIS2, ready to share with auditors, customers and your board.

Anything else? Email contact@barrion.io.