Elyria is an application security assessment tool aimed at French TPE/PME businesses—that is, very small, small, and medium-sized companies. Its core positioning is not for professional penetration testing teams, but for companies without a DSI/CIO or in-house security experts that need continuous security checks for externally accessible systems such as websites, business applications, APIs, e-commerce sites, and ERPs. The official description compares it to a “technical roadworthiness test for IT tools”: it identifies vulnerabilities, explains the risks, and provides actionable recommendations that can be handed to an IT service provider for remediation.
Based on the main content, Elyria mainly covers external attack surface discovery, automated weakness testing, vulnerability reporting, and continuous monitoring. After users provide a website or API address, the system maps the externally accessible scope and runs a large number of automated test scenarios using techniques similar to those used by attackers. The reports emphasize “no technical jargon,” explaining where the weaknesses are, why they are dangerous, and how to fix them. This makes it friendly for non-technical decision-makers and also useful for supervising outsourced IT providers.
Elyria offers both a hosted SaaS version and a self-hosted version. Its source code is licensed under GNU AGPL v3, allowing use, modification, and redistribution; organizations that want to integrate it without being bound by AGPL obligations can choose a commercial license. On compliance, the content mentions RGPD/GDPR, industry obligations, customer audits, and security evidence for tenders, but does not disclose certifications such as ISO 27001 or SOC 2. For management and alerting, the product automatically repeats checks and notifies users when conditions change.
Pricing information is limited. The page mentions “view pricing” and “try it first; if you don’t see value, you don’t pay,” but it does not publicly disclose plans, billing metrics, asset limits, or SLA details. Payment methods, invoicing, contract terms, and enterprise support are also not covered in the main content. Before purchasing, buyers should further confirm pricing, scan frequency, support response times, data retention, and service availability.
Its strengths are precise positioning, a low barrier to use, support for continuous monitoring, and clear reports designed for management and outsourced providers. Self-hosting and the open-source license also add a degree of control. The drawbacks are that its technical boundaries are not clearly defined: it is not stated whether it supports authenticated scanning, logged-in-state scanning, vulnerability validation, CI/CD integration, SIEM integration, or ticketing integration. The official content also states that results are not guaranteed to be complete or fully accurate, and cannot replace a professional security audit. Elyria is better suited to SMEs that lack a security team but need basic continuous protection and compliance evidence.
The content does not provide information about access from mainland China, a Chinese interface, local payment methods, or compliant deployment within China, so China accessibility can only be assessed as unknown. If using it in China, it is recommended to first test network connectivity, data export implications, and payment methods. Alternatives may include OWASP ZAP, Burp Suite, Detectify, Intruder, Tenable, as well as vulnerability scanning and attack surface management services from domestic cloud vendors or security companies.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, elyria.pro.
elyria.pro is a France-based cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.