Introduction to XBOW Console

XBOW Console provides automated penetration testing for web applications and their APIs. The platform identifies security vulnerabilities by using AI to send requests to test your application.

What to expect from XBOW testing

XBOW systematically tests your application’s web pages and API endpoints, searching for security vulnerabilities. The platform validates exploitable vulnerabilities and provides evidence-based findings to help you prioritize remediation work.

Comparison with manual penetration testing

If you are testing an application that has recently undergone manual penetration testing with no reported issues, XBOW may produce similar results. However, automated testing enables broader attack coverage than most manual tests and may identify vulnerabilities that were not detected by manual testing.

Test result quality depends on application quality

Applications that are unstable, incomplete, or use end-of-life infrastructure may produce limited or unreliable results. For the best results, test applications that are internet accessible, fully functional, and maintained with current security practices.

Trusting XBOW to test your application

XBOW is regularly audited for compliance with SOC2 type 1 and type 2, and HIPAA. For more information, see XBOW’s Trust Center.

Your data is encrypted at all times:

  • At rest: AES-256 encryption using AWS KMS keys within your region
  • In transit: TLS 1.2/1.3 for all API, console, and assessment traffic
  • Backups: Encrypted and stored within the same region

You can read more about the security of your data in our Data Processing Addendum.

Choose your XBOW product

XBOW offers two products:

  • Lightspeed: Simplified setup with automated configuration. Access to essential options in XBOW Console.
  • Enterprise: Configurable testing parameters and advanced features. Access to all options in XBOW Console.

For pricing and a full feature comparison, see Plans & Pricing.

Data residency

This feature is in Private preview and subject to change. It is available only to Enterprise users on multi-tenant SaaS.

Data residency is currently offered in the European Union and in Asia Pacific.

  1. Choose a data region. Make your choice based on your long-term requirements because the data region for an organization is permanent. If you want to change to a different region, you will need to re-onboard.

    If your organization needs a region we do not yet support, talk to us.

  2. Contact the XBOW sales team. Let them know which region you need. They will confirm availability and provision your organization.

  3. Onboard in your region. Complete standard onboarding (organization setup, authentication, credentials) at your regional console URL.

    Service   Standard platform      EU data residency         Singapore data residency
    Console   console.xbow.com       console.eu.xbow.com       console.sg.xbow.com
    API       console.xbow.com/api   console.eu.xbow.com/api   console.sg.xbow.com/api

  4. Use XBOW as normal. Create assets, run assessments, and review findings. All security-sensitive data is stored in your chosen region.

For more information, see Data residency.
