| Developers: | Positive Technologies |
| Date of the premiere of the system: | 2017/05/23 |
| Last Release Date: | 2026/01/28 |
| Branches: | Information security |
| Technology: | SaaS - Software as a service, TMS - Test Management System |
BlackBox Scanner is a cloud service for identifying vulnerabilities in web applications.
BlackBox (on-premises version)
Main article: on-premises BlackBox scanner
2026: LLM Integration
Positive Technologies has integrated a large language model (LLM) of its own design into PT BlackBox Scanner, its public cloud DAST analyzer for web applications (sites). Now, in addition to the scan report, developers and owners of web resources can receive detailed recommendations for correcting detected protection defects. The advanced capabilities of the analyzer make current secure development technologies even more accessible to the market. The developer announced this on January 28, 2026.
Application vulnerabilities can threaten businesses with sensitive data leaks and attacks on users of enterprise services. In addition, business applications on the network perimeter remain the most common (36% of cases) point of entry for hackers into the company's infrastructure. At the same time, some of the tools that organizations implement to scan the security of software provide only a description of the problem - without specifying exactly what changes need to be made to the code. As a result, it becomes clear: it is impossible to strengthen the protection of the application without the help of experienced information security specialists.
The updated PT BlackBox Scanner helps developers fix vulnerabilities on sites and web applications. Now, in addition to a detailed report that includes the results of more than 110 types of checks, the service, using the capabilities of artificial intelligence, automatically generates recommendations for eliminating found security defects. They describe the causes of vulnerabilities in an accessible language, as well as examples of correct code and configurations.
| "We aim to make the PT BlackBox Scanner even more understandable and user-friendly. It is important for us that any developer and owner of a web resource can regularly and without unnecessary labor check the security of his product," said a Positive Technologies spokesperson. "Thanks to the implementation of our own LLM, the service not only prioritizes vulnerabilities, but also gives specific recommendations for fixing them. Now even specialists who do not have deep expertise in the field of cybersecurity can quickly take the measures that are necessary to correct the protection flaws found." |
2024
GitFlic Compatibility
Experts from ReSolut (part of Astra Group) and Positive Technologies completed a series of compatibility tests of the PT BlackBox code analyzer and GitFlic, a platform for working with source code. The test results demonstrated the complete performance and stability of the software stack. Astra Group announced this on November 27, 2024.
PT BlackBox detects vulnerabilities and environment errors during application operation: during the scan process, it simulates the behavior of an attacker who does not know how the code itself works. If you use this tool in combination with the PT Application Inspector, which is also integrated with GitFlic, you can get the most complete understanding of product weaknesses. Reports on the results of any type of security check of software are available to users in the GitFlic platform interface.
| "More than 400 development teams are already using PT BlackBox to improve the quality of their code. Its compatibility with GitFlic allows even more DevSecOps professionals to identify software vulnerabilities that hackers can exploit in real life. It is important to take these risks into account even at the stage of product creation, since web applications still remain one of the most common (44%) entry points for attackers into the infrastructure of companies," said Ivan Solomatin, head of application protection business development at Positive Technologies. |
| "The integration of GitFlic with the solution of our technology partner Positive Technologies allows us to develop software that meets global standards. We are confident that customers will appreciate the practical value of GitFlic's compatibility with PT BlackBox," said Maxim Kozlov, Technical Director of ReSolut LLC. |
Web Application Security Analysis Release
Positive Technologies in August 2024 introduced an updated version of its PT BlackBox Scanner, a cloud-based vulnerability scanner designed to analyze the security of web applications. This freely available tool allows you to detect vulnerabilities in the code and configurations of web resources using the dynamic analysis method (DAST). The scanner is already available for everyone to use.
According to the developers, PT BlackBox Scanner has received dozens of new features and improvements, including the ability to download a detailed report on the results of the audit. The service is capable of performing more than 110 types of checks, simulating real attacks on running web applications to identify weaknesses that can be exploited by attackers.
One of the main innovations was the optimization of the scanning process, which made it possible to speed up application validation by half. A profile was also added to scan the perimeter of applications in order to search for subdomains and open ports, which makes it possible to identify additional vulnerable resources that are not intended for public access. The updated version also includes special checks for the popular 1C-Bitrix platform, which allows you to take into account new critical vulnerabilities.
In addition, the service received a large-scale update of the knowledge base about known vulnerabilities, as well as scenarios for verifying them. An important function was to filter the found vulnerabilities by their criticality, which simplifies the prioritization of work on security.
According to Sergey Sinyakov, project manager at PT BlackBox, the main goal of the company is to develop a cloud version of the scanner, which will eventually completely replace the old one. The new version retains the familiar interface, but offers improved features based on user feedback. In addition, the scanner now uses a new engine similar to that used in other flagship Positive Technologies products.
2017: BlackBox Scanner free online service beta launch
On May 23, 2017, Positive Technologies announced the launch of public beta testing of BlackBox Scanner, a free online service for detecting vulnerabilities in web applications.
Users can start verification without registering and confirming ownership of the site. The service is based on Positive Technologies enterprise-level application security technologies. You can also check the sites operating on the local network.
To prevent anonymous abuse of the service while keeping it easy to use, an open-source agent is provided: it ensures that all scan requests are tunneled through the user's PC to the scanned site, which makes it possible to skip confirming ownership of the site. Another way to protect PT BlackBox Scanner from anonymous use is to confirm ownership by placing a special code in the root directory of the site.
The service is focused on those interested in protecting web applications: from site owners to companies and experts testing the security of their clients' sites.
| "Vulnerabilities in web applications today are one of the most common compromise vectors. Large and small businesses are actively translating their activities into a digital plane, so the insecurity of web applications is fraught with legal and economic risks, disclosure of user personal data and fraud. We want to bring security to the forefront, empower people to find vulnerabilities in their infrastructure themselves and get ahead of bad actors. We also believe that our knowledge and expertise will help make the virtual world safer, and that's why our PT BlackBox Scanner is free." Maxim Filippov, Business Development Director of Positive Technologies in Russia |
