Web & API Security Testing, Simplified

Identify vulnerabilities in code within minutes of a pull request. Run full coverage scans of applications on public and private networks.

Make Meaningful Security Improvements

Traditional DAST creates more issues for development teams than it finds. NightVision is a Web and API Security Testing Platform that gives teams a tangible increase in ROI.

Comprehensive Scans

Thoroughly scan apps on public AND private networks for full coverage

Run meticulous and comprehensive scans within 3-8 minutes and share insightful results throughout the organization.

Fast High-Quality Results

Unbelievably fast scans integrated directly into your CI/CD

Get websites and APIs thoroughly scanned with far fewer false positives as compared to alternative DAST and SAST products.

Modern Gray Box Testing

Emulate attacks and pinpoint vulnerabilities at the line of code

Locate vulnerabilities at the origin with the exact line of code highlighted. Get a perspective on your application the way attackers would.

Built to efficiently align security and developers

Security and development teams can finally work together in removing vulnerabilities before they hit production. Instead of spending time setting up and babysitting a DAST scan, only to generate false positives for developers to deal with, NightVision makes scanning streamlined and simple.

Speed Without The Sacrifice

NightVision takes <1 min to set up. Developers can start and run scans by themselves, easily and quickly. Security Engineers can use their time more productively.

Comprehensive and Reliable

Know your websites and APIs are thoroughly examined. NightVision covers more territory than any DAST product, including undocumented APIs through modern greybox crawling.

Purpose-Built for Developer Workflows

NightVision can be embedded directly within developers' normal CI/CD workflows. Finding new issues on PRs or on local instances makes remediation easier and quicker before deployment to production.

Evidence-Based for Fewer False Positives

Identifiable issues in code mean that NightVision gives users the exact place to remediate. Evidence means validated vulnerabilities.

Speed Without The Sacrifice

Run complex, full coverage scans at scale.

Coverage is everything. NightVision is architected for security engineers to confidently scan their entire environment: private applications, public-facing assets, and API endpoints, documented and undocumented.

Our tests show a 200%+ higher coverage than our closest automated competitor.

See what others don't: undocumented APIs, private apps, etc.

NightVision scans take 15 minutes or less.

Shift Left to the Source

Remediate validated issues at the root.

NightVision identifies issues at the exact line(s) of code so developers don't have to spend time chasing down or validating vulnerability reports, saving you money and precious engineering resources.

Instant remediation support with AI-powered explanations.

Pinpoint the vulnerable lines of code on every pull request.

Integrate DAST earlier in the software development lifecycle, because now you can!

Continuous & Configurable Security Scanning

Seamless interface that integrates with local development workflows, providing trustworthy security information without slowing your CI.

Simple & Streamlined Preparation

Uniquely, only NightVision makes setting up authenticated and unauthenticated scanning easy and flexible. Even if your APIs are undocumented, NightVision still gets you deep coverage by auto-documenting them.

Frictionless CI/CD Integration

NightVision's scanning is integrated directly into your CI/CD pipeline so that each pull request can be scanned in minutes. Create a virtuous cycle between development and security teams through easy workflows.

Straightforward Remediation

It's not enough to find. NightVision helps you fix by identifying the issue at the line of code and then providing developers with information on the alert itself. Scan, fix, ship like never before.

Private network scanning with no infrastructure changes

Applications go under the radar in traditional DAST. Only NightVision's smart proxy allows teams to scan applications on private networks without making infrastructure changes. Give your team unparalleled application security coverage.

A More Effective Way to Scan

Augment DAST with static analysis.

NightVision powers up your team's scanning by infusing static analysis into its testing. Unlike traditional scanning, NightVision's smart auto documentation means undocumented APIs don't get missed.

Tie findings back to exploitability for higher signal.

Trace vulnerabilities back to code for faster remediation.

Auto-generate Swagger documentation of API endpoints.

Tangible Increase in ROI

Greatly reduce your cybersecurity spend.

NightVision offers a high return on security investment. Developers and security teams save hours of time, allowing both departments to earn back precious engineering resources.

See how NightVision works across teams

NightVision is built for team members of all levels to work across engineering and security.

For Security Champions
  • Continuously run security tests with each pull request.

  • Integrate NightVision directly into CI/CD pipelines.

  • Get high signal findings so your team doesn't have to spend hours validating.

  • Get automatic documentation of existing APIs.

For Security Engineers
  • Easily set up authentication and replay it for testing.

  • Reduce the workload of having to babysit scans.

  • Get results within minutes of starting a scan.

For Platform Engineers
  • Get automatic documentation of existing APIs.

  • Integrate NightVision directly into CI/CD pipelines.

For Developers
  • Know exactly what to remediate and why.

  • Get notified on findings earlier in your development process.

  • NightVision automates scanning. Test your code in the time it takes to get a coffee.

  • Work at your own pace, in your daily routine.

  • Security is now simple and integrated as part of your workflow.

For Pentesters
  • Automate away low-hanging fruit and tedious reporting so you can focus on the real security work that still needs to be done.

  • Customize NightVision to your liking and integrate your existing Nuclei checks.

  • Easily export reports and augment with contextual AI explanations for each vulnerability.

  • Get high signal findings on both public and private network applications.

Our team

Meet the brains behind the cutting-edge innovation

George Prince
CEO

Founded two tech companies that sold to Gerber Scientific and CBS. Equity Portfolio Manager at the Royal Bank of Canada. Graduated Yale University.

George Prince has founded 2 companies that have pioneered digital technologies where he invented and patented key technologies. Both companies were acquired by NYSE companies (CBS and Gerber Scientific). Uniquely, in both companies, George innovated and invented solutions that both S&P 500 companies as well as small businesses could benefit from dramatically. Recently, as a multi-billion dollar portfolio manager for the Royal Bank of Canada, George specialized in research of cyber security, software, and tech companies. Furthermore, George has been responsible for the setup and operations of manufacturing, sales, marketing, service, and finance for global manufacturing and tech companies. Over the years, George has accumulated a vast network that should assist Modern ASP. George graduated from Yale University with studies focused on business and advertising.

Kinnaird McQuade
CTO & Architect

Former Lead Security Engineer positions at Square, Salesforce, and Synopsys. Creator of several open source security tools with millions of downloads.

Kinnaird McQuade is an ethical hacker by trade and is recognized as an industry expert and leader in Cloud Security and Cloud Automation. Kinnaird has published open-source security tools with millions of downloads such as Cloudsplaining (~2m downloads), and Policy Sentry (~2m downloads) among others. He has been the primary architect and leader on major security initiatives at both Square and SalesForce.com. Throughout his career, he has consulted with leaders of Fortune 500 customers to improve and automate their security practices. Passionate about innovation and security evangelism, he has presented his security tools and techniques at multiple security conferences, webinars, YouTube channels and podcasts. Kinnaird has held top security positions at Square, Salesforce, and Synopsys after getting both his undergrad and grad degrees in Cyber Security.

John Stevens
Advisor

Over two decades of experience in software security and advising successful startups. Currently an advisor to CISOs within the financial space, and a fractional CTO to security startups.

Jennifer Ceran
Board Member & Advisor

Held Treasurer, IR, and/or CFO roles at eBay, PayPal, Cisco, Box, Sara Lee, and Smartsheet. Board experience includes NerdWallet, Klaviyo, Auth0, Riskified, Wyze Labs, & NightVision.

Jennifer Ceran has over 30 years of senior finance experience at high growth, brand name companies. She has held key roles as VP, Treasurer, IR, and CFO at companies such as Smartsheet, Cisco, PayPal, eBay, Sara Lee, Klaviyo, Box, and more. As far back as 2006, Jennifer has been named as one of the "100 Most Influential People in Finance." Jennifer has specialized in operations, finance, IT, Procurement, and Workplace Services. After graduating from Vanderbilt and the University of Chicago (MBA in Finance and Accounting), Jennifer's career has blossomed and she now serves, or has recently served, on Boards such as Auth0/Okta, NerdWallet, Klaviyo, Riskified, Wyze Labs, and many others.

Sateesh Prabakaran
Advisor

Managing Director, Payments Technology at JPMorgan, which includes management of Modern DevOps teams and their code development and tools.

Sateesh holds a leadership position with JP Morgan as Managing Director, Payments Technology. Sateesh guides JPM's Technical Architecture and Engineering Teams and is responsible for the Modern DevOps teams and their code development and tools. Sateesh is a strong Data, Technology & Product platform leader with 30 years of experience in Capital Markets, Asset Management, Financial infrastructure products, and services. He spent the last 20 years in the role of Head of Data, Platform Engineering, Architecture, Data Science & Cloud for Raymond James, BNY Mellon, and Standard & Poor’s with a mandate to drive both technology and business transformations. Previously, Sateesh worked in programming languages research at IBM (Watson) and Bell Labs, where he contributed to the development of C++.

Kathleen Destefano
Head of Finance

Over 40 years of experience as a CPA. Kathy started and sold businesses in multiple states, including one sold to Sanofi.

Kathy has over 40 years of experience as a CPA, starting her first business in 1992. Kathy started and sold businesses in multiple states, including one sold to Sanofi. She will handle all of Nimbler’s initial accounting, financial, tax, and HR issues.

Aidan Steele
Founding Engineer

AWS Serverless Hero. Industry-leading expert in AWS, serverless, and cloud security with over a decade of experience.

Aidan is an industry-leading expert in AWS, serverless, and cloud security. He has been building software in the cloud for over a decade. He is well-known for his creative work in open-source software and for creative security exploits in AWS itself.

Lewis Ardern
Advisor

Lewis is an industry-leading expert in application security. He is a staff security researcher at R2C and is an expert in both DAST and SAST.

Lewis is an industry-leading expert in application security. He is a staff security researcher at R2C and is an expert in both SAST and DAST. At Synopsys, he was the JavaScript security Subject Matter Expert (SME), where he and Kinnaird met before they both moved to Salesforce.

Didi Dayton
Board Director

Labeled 'the best networker in Cybersecurity', Didi brings over 25 years of experience in building early-stage and hyper-scaled businesses, including 13 M&A and 3 post-merger integration teams (NYSE: ARW) and one IPO (NASDAQ: FEYE).

Didi Dayton joined True Search in May 2022 as the firm’s head of platform & community. Didi is widely recognised as a resource for placing diverse talent on Boards of Directors, forging strategic alliances, and building uncharted routes to market for hyper-growth startups. Didi recently fulfilled a role as Growth and Strategy Executive at JupiterOne, a fast-growing cybersecurity startup. During her time, Didi built and launched the Alliance and Channel teams and programs in under one year for a network of 180 integration partnerships.

Prior to joining True, she served as Partner at Wing Venture Capital. While at Wing, Didi successfully built and led the Customer Network with a F500 CXO community of over 1,500 executives across functions, fostering over 600 initial introductions to IT buyer customers. The Wing portfolio consisted of products and services from AI-powered applications, to Data and Analytics to Cybersecurity.

Labeled 'the best networker in Cybersecurity', Didi brings over 25 years of experience in building early-stage and hyper-scaled businesses, including 13 M&A and 3 post-merger integration teams (NYSE: ARW), one IPO (NASDAQ: FEYE), and significant early-stage advisory experience with companies like Forcepoint, FireEye, Tanium, and Cylance. Her teams generated $160M in LTR at SurfControl, and sales pipeline of over $1.2BN at Cylance.
