Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
VAddy is a cloud-based web vulnerability assessment tool provided by Bitforest Co., Ltd. in Japan. It is positioned as an automated web vulnerability scanner for DevOps teams. By integrating with existing CI workflows, it can run security checks after each code change or build, helping development teams continuously identify issues before release instead of running a single scan right before going live.
In terms of protection type, VAddy is a DAST/black-box web application vulnerability scanning service. The source text explicitly states support for detecting SQL injection, XSS, remote file inclusion, command injection, directory traversal, and more. Scan targets include URL path parameters, applications with form-based authentication, Basic authentication, SSL sites, forms with CSRF tokens, and REST APIs, with support for JSON request parameters. It also allows users to view the requests used to discover vulnerabilities, making it easier to reproduce attacks and fix code. Note that persistent XSS and DOM-based XSS are listed in the source text as future plans, not confirmed current capabilities.
VAddy is delivered as a cloud SaaS/ASP service and can be used through a management console, Web API, plugins, or client tools. Its key strength is CI/CD integration, with support for Jenkins, CircleCI, Codeship, Travis CI, Wercker, and others. It also provides a Jenkins plugin, Web API documentation, a Ruby Client, and the go-vaddy command-line tool. On the management side, the source text mentions alerts after scanning when a commit contains vulnerabilities, as well as visualization of vulnerability frequency by team member or code module. The terms also indicate support for team features, organization management, and Enterprise-related role permissions.
Pricing information is not transparent. The source text only indicates the existence of a free plan, paid plans, paid options, free options, and an Enterprise plan, but does not provide specific prices, scan quotas, concurrency limits, or billing cycles. Common enterprise procurement details such as compliance certifications, SLA, data residency, and audit reports are also not present in the captured text and should be confirmed directly with the vendor.
The main advantages are that developers can get started without a security expert background, integrate it into existing pipelines, and use it for continuous security regression testing. Support for multiple languages and frameworks is also emphasized. The limitations are that it mainly covers black-box web vulnerability scanning and cannot replace SAST, SCA, WAF, or a full security operations platform. Disclosure around advanced vulnerability types and enterprise-grade compliance information is also limited. VAddy is best suited for development and DevOps teams that already have a CI/CD foundation and want to shift web security testing left.
The source text does not specify availability from mainland China, supported payment methods, or Chinese-language support, so china_access can only be assessed as unknown. If access or procurement is restricted, alternatives to consider include OWASP ZAP, Burp Suite Enterprise, Invicti, Acunetix, StackHawk, or web vulnerability scanning and cloud security center products from domestic cloud providers in China.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, vaddy.net.
vaddy.net is a Japan Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable.