NEW TECH: How I started a company to supply democratized pentests to immunize websites

By Eden Zaraf

My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts and websites and got involved in security, which led me to penetration testing.


Penetration testing is a never-ending challenge. Five years ago, my friend Sahar Avitan, who is the co-founder and CEO of Kayran, began developing an automatic penetration testing tool for our own use.

A year and a half ago, we decided to turn it into a commercial platform. I was sitting in a classroom when I had this Eureka moment. I realized that our technology could actually help people. I decided to meet with my neighbor, Arik Assayag. I said to myself, if he thinks we can market it, let’s go for it. He did and, together with Sahar and me, co-founded Kayran.

We supply an advanced web application scanner that’s unique in the world of web penetration testing.

Website vector

Every company which currently operates online should have access to web penetration testing regardless of its size or the industry in which it operates. In the digital era, online security should be a right, not a privilege. Web penetration testing allows security professionals and website owners to test the integrity of their web assets.

There is tremendous investment in training sales and marketing personnel. So why not invest in your most prominent representative, your website?

Your website is the platform through which you offer services, communicate with existing and potential customers and collect critical data. Every element of your web application can embed vulnerabilities. A form on your website can lead to injections.


A vulnerability in the host header of your website can redirect your users to the wrong domain and lead to a credential leak. Unlike physical assets, web applications have an increased level of exposure to potential attackers simply because anyone with a viable internet connection can access your website, study it and exploit existing vulnerabilities.

As such, we test everything: vulnerabilities in your code, outdated technologies, open ports and online subdomains. We give you the tools to never think twice about how secure your website is.

Democratized pentests

By now, the importance of penetration testing is known to most companies. Performing penetration tests is an essential component of ISO 27001 compliance, as it can effectively identify where to make improvements to the information security management system of an organization.

However, many organizations face difficulties when trying to get access to web penetration testing. Manual penetration testing is extremely costly, which makes it hard for organizations to perform the test more than once or twice a year, even though this clearly defeats the purpose, as new vulnerabilities appear on a daily basis.

Kayran democratizes access to pen testing by allowing organizations to scan domains and subdomains independently and on an unlimited scale at a set and affordable price. There are two types of websites, single page applications and multiple page applications, and we support both.

We believe in usable security that does not disrupt online activities. As such, we automatically adjust the speed of the requests sent to your website so that it never goes offline. We analyze your code, reveal customized payloads based on existing vulnerabilities and recommend patching methods.

Website immunization

Once you fix a specific vulnerability, you can scan again to check that it no longer exists. We support more than 20,000 vulnerabilities as well as zero days. Kayran simplifies security to enable anyone, regardless of whether they are technical or not, to gain visibility over the security of their web assets.

Furthermore, Kayran provides the ability to extend the pen test to login pages so that the session continues once authentication is completed.

In my eyes, everything should be pen tested, from internal networks to mobile applications, and Kayran is slowly but surely moving towards offering infrastructure and mobile app pen testing.

In its latest State of Phishing Report, SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks, a 61 percent increase in the rate of phishing attacks compared to 2021.

The only way to make attacks a phenomenon of the past is to get protection to immunize ourselves against this trend and finally make it go away or at least contain it so that it no longer disturbs commercial and private online activity.

About the essayist: Eden Zaraf is 18 years old. He is the co-founder and CTO of Kayran. He enjoys helping individuals and organizations solve complicated Python coding problems.
