Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
SPHIOR positions itself as “Continuous Security as a Service.” Its core offering is automated monthly web security audits and vulnerability scanning, with audit evidence reports tailored for SOC 2, ISO 27001, and OWASP. Rather than being a single-purpose scanning tool, it breaks down the public attack surface, configurations, APIs, authenticated areas, and cloud infrastructure into multiple layers for continuous assessment.
In terms of protection coverage, SPHIOR checks the public-facing surface, including domains, SSL/TLS, exposed ports, and leaked metadata. It also reviews security headers, TLS configuration, public storage, and dependency drift. For APIs and endpoints, it focuses on undocumented interfaces, response data leakage, and input validation issues. The Enterprise version supports authenticated DAST: sessions are delivered via a Chrome extension, plaintext passwords are not stored on the server, and scans are run using an encrypted Session Vault together with isolated temporary microVMs. On the cloud side, it can audit IAM, storage exposure, firewall, and encryption configurations across AWS, GCP, Azure, and Cloudflare.
Its reporting emphasizes “one assessment, three outputs,” serving engineers, management, and auditors respectively. This makes it useful for turning technical vulnerabilities into governance and audit materials. In terms of compliance, it is positioned as aligned/ready, rather than explicitly claiming its own certification in the text. Integrations include Vanta and Drata, making it suitable for teams that already use compliance automation platforms.
The page mentions Choose Your Plan, Agency, Enterprise plan, and a free site check, but does not provide specific pricing, billing units, asset limits, or SLA details. For alert management, only monthly reports and audit records are visible; real-time alerts, ticketing integrations, and remediation workflow capabilities are not disclosed. Information on support channels, response times, and false-positive handling is also lacking.
SPHIOR is better suited to SMBs through enterprise teams that need monthly third-party security records, are preparing SOC 2/ISO 27001 audit materials, and want coverage for authenticated applications and cloud configuration. If you only need localized MLPS compliance, domestic regulatory compliance, or Chinese-language support, it should be compared with domestic options such as DBAPPSecurity, NSFOCUS, KnownSec, and Chaitin. Access from mainland China and supported payment methods are not disclosed, so they are currently rated as unknown.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, stlur.com.
stlur.com is an Unknown Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable.