Navigator is a tool that enables dynamic security testing of web applications within the scope of the OWASP Top 10.*
It leverages advanced artificial intelligence to support the testing process, helping to improve efficiency and significantly reduce time and cost.

Navigator leverages the latest large language models (LLMs) in combination with classical algorithms and libraries supporting security testing.
Its multi-agent architecture enables the analysis of each potential vulnerability, complex reasoning, and informed decision-making on subsequent steps depending on the specific case. This approach goes beyond the capabilities of traditional automated scanners.
Thanks to these technological capabilities, Navigator can also analyze the technical documentation of the tested application as well as the organization’s approach to security testing.
Navigator significantly reduces costs when compared with other automated or semi-automated solutions, as well as with traditionally conducted manual security testing.
AI-driven technology enables faster results while maintaining broad coverage of the most common vulnerability classes defined by the OWASP Top 10 standard.
The tool does not require specialized security expertise. It can be integrated into software development processes with minimal effort and in a short time frame.
The first step after registration and login is to define the name and domain of the web application. To verify the domain, add the required records to its DNS zone.
The scope of testing can be defined according to the classification criteria used in the OWASP Top 10 report.
Some tests require the tool to operate in the context of an authenticated user. For this purpose, the provided test user credentials will be used.
To start testing, purchase an appropriate NAVI token package. Multiple payment methods are supported, including payment cards and BLIK.
The AI agent guides you through the entire process. It provides information about different aspects of the tests and requests additional data when required.
Some OWASP Top 10 categories require the analysis of system documentation containing information about the application architecture or configuration details.
Depending on the complexity of the application and the selected scope, tests may take from several minutes to several hours. Identified vulnerabilities are listed as they are discovered.
After the tests are completed, you can review the identified vulnerabilities or generate a report in PDF format. Vulnerabilities are clearly described and categorized by severity.
If there are any questions regarding the results, you can discuss the report and individual vulnerabilities with the AI agent. This allows you to obtain more detailed information, including suggested mitigation approaches.
After applying fixes, you can easily run retests to verify whether vulnerabilities from specific OWASP Top 10 categories have been addressed.
Uploaded files are used solely for the purpose of performing security testing and are deleted after the testing process is completed.
The AI models in use are not trained or improved on the provided data or files.
Navigator has been designed and implemented in accordance with strict security requirements.
The tool does not require access to production infrastructure components or databases.
Flexible selection of the test scope and interaction with the AI agent allow the exclusion of the most sensitive data.
In specific cases, the confidentiality of the transferred data may be confirmed through an additional agreement.
The OWASP Top 10 is a report outlining the ten most critical security risks to web applications, developed by OWASP. Its purpose is to raise awareness among developers, architects, and IT managers and to support the development of more secure software. The OWASP Top 10 also serves as a reference point for application security audits and testing.
The OWASP Top 10 (2021 edition) includes the following vulnerability categories:
Broken access control – improper enforcement of access controls that allows unauthorized access to data or functionality.
Cryptographic failures – issues related to the incorrect use of cryptographic mechanisms, such as missing data encryption.
Injection – injection of malicious code (e.g. SQL, NoSQL, OS command injection) that is executed on the server side.
Insecure design – application design that does not take security principles into account, leading to vulnerabilities already at the architectural stage.
Security misconfiguration – incorrect configuration of servers, services, or applications, such as default credentials, unnecessary services, or missing security headers.
Vulnerable and outdated components – use of components (e.g. libraries) with known vulnerabilities or without regular updates.
Identification and authentication failures – issues in login, authentication, or session management processes.
Software and data integrity failures – lack of verification of code and data integrity, such as missing digital signatures or updates from untrusted sources.
Security logging and monitoring failures – insufficient logging and monitoring, making it difficult to detect and respond to incidents.
Server-side request forgery (SSRF) – an attack in which the application server is manipulated to perform HTTP requests to internal resources.
* Full coverage of the OWASP Top 10 scope will be available in future development versions of the tool.

We actively support Poland’s digital transformation. Drawing on deep experience, we design and implement solutions that form the foundation of digital advancement.

We deliver reliable and secure technologies for enterprises and public institutions, enabling them to operate efficiently in today’s fast-paced digital landscape.

The security of our clients’ data and systems is our top priority. That’s why our clients can focus on growing their business — confident that their digital assets are fully protected.