Overview
White box testing examines your application with full internal knowledge, including the source code — the most comprehensive form of penetration testing. In CodeAnt, white box testing is delivered by AI Exploitation: AI agents read your codebase end-to-end and chain vulnerabilities into real attack paths, validate exploitability, and surface the issues attackers would actually reach in production — not just isolated, theoretical findings.
Key Features
- Full source-code analysis: Agents explore the repository to trace untrusted input from source to sink across the whole code path.
- Attack-path chaining: Findings are connected into realistic, exploitable attack paths rather than reported in isolation.
- Two scan modes:
  - High Precision — tuned for a low false-positive rate; reports only findings it can verify end-to-end (untrusted source → unsafe sink, with no mitigation in the path).
  - High Recall — a broader scan that surfaces more potential vulnerabilities.
- Broad vulnerability coverage: RCE (command injection, SSTI, deserialization), SQL/NoSQL injection, authentication/authorization bypass, SSRF, hardcoded secrets, cryptographic misuse, XSS, path traversal, and more.
How It Works
Scope the scan (optional)
Optionally narrow coverage with include / exclude file patterns to focus on the areas that matter most.
Availability
AI Exploitation is part of the Code Security plan. Your first scan is free; additional scans use credits.

Looking for a deeper security analysis after a SAST scan? AI Exploitation chains the vulnerabilities in your code into real attack paths and validates which ones are actually exploitable — see Application security for the static analysis it builds on.