Login

u/AestheticL

▲ 1 r/SideProject

Looking for a few people to test my self-hosted AI-DAST on real web apps

I built Apviso, a self-hosted BYOK AI-DAST for web application pentesting.

The idea is simple: you run the pentest from your own environment, with your own API key, against an app you own or are authorized to test. That can be local, private, staging, preview, or production.

I tested it heavily on OWASP Juice Shop and reached 45/52 relevant vulnerabilities. The remaining 7 are DoS-related, which Apviso intentionally does not run.

Now I need a small number of real-world PoCs outside Juice Shop.

What I’m offering:

  • Free test access
  • Self-hosted setup
  • BYOK with Anthropic, OpenAI, AWS Bedrock, Claude Code, Codex, or GitHub Copilot
  • Help getting the runner configured
  • A pentest-style report after the run

What I need:

  • You have a web app you own or are clearly authorized to test
  • You are comfortable running a self-hosted security tool
  • You can give honest feedback on setup, findings, false positives, and report quality

No DoS, no destructive testing, no exfiltration. The goal is to validate real application testing, not break anything.

If interested, DM me and I’ll send setup details.

reddit.com
u/AestheticL — 3 days ago
▲ 1 r/alphaandbetausers

Looking for a few people to test my self-hosted AI-DAST on real web apps

I built Apviso, a self-hosted BYOK AI-DAST for web application pentesting.

The idea is simple: you run the pentest from your own environment, with your own API key, against an app you own or are authorized to test. That can be local, private, staging, preview, or production.

I tested it heavily on OWASP Juice Shop and reached 45/52 relevant vulnerabilities. The remaining 7 are DoS-related, which Apviso intentionally does not run.

Now I need a small number of real-world PoCs outside Juice Shop.

What I’m offering:

  • Free test access
  • Self-hosted setup
  • BYOK with Anthropic, OpenAI, AWS Bedrock, Claude Code, Codex, or GitHub Copilot
  • Help getting the runner configured
  • A pentest-style report after the run

What I need:

  • You have a web app you own or are clearly authorized to test
  • You are comfortable running a self-hosted security tool
  • You can give honest feedback on setup, findings, false positives, and report quality

No DoS, no destructive testing, no exfiltration. The goal is to validate real application testing, not break anything.

If interested, DM me and I’ll send setup details.

reddit.com
u/AestheticL — 3 days ago