TL;DR

We built testa.run, an AI-powered QA and security agent platform that automatically explores and tests websites for vulnerabilities, API flaws, database misconfigurations, and UX issues. You can follow the agent in real time with a complete dashboard with actionable reports. Our product is fully deployed and customer-ready, and has already uncovered critical vulnerabilities in real-world platforms.

Inspiration

The idea came from the fact that vibe-coding has drastically increased in popularity but can hallucinate. We were helping colleagues and friends with their vibe-coded websites, and we managed to identify security vulnerabilities simply by knowing what to look for. We turned this into a SaaS product.

What it does

The user signs up and adds their website as a project. The software deploys agents that navigate around the website testing everything from database and API policies to UI and UX. The user gets a report of all the issues that it finds and also gets to see the agent work in real time in an interactive environment that is friendly for the user to look around in. We have a complete dashboard with features helping you understand and solve the issues.

How we built it

We picked a monorepo stack based on Next.js. The agent infrastructure, which is the most complex part, is a customized fork of OpenClaw that we are running on cloud-hosted VPSs with load balancing and tricks to scale up load smoothly. We used a lot of AI-based development to speed up dev time by a great margin.

Challenges we ran into

The sheer amount of work that had to be done and the complexity of the agent structure were incredibly demanding and challenging. Designing the API structure for our QA agent and all the data formats was really technical and complex and took a lot of energy to get right. It was basically coding the whole night to get done in time. The complexity of officially launching the product instead of running it on localhost really increased how challenging the development was, but that is something we take great pride in and that we definitely do not regret. Finishing up all the loose ends in the application is another really time-consuming task that we wanted to really get right.

Accomplishments that we're proud of

We believe that our security agent is better than the competitors that already exist on the market. We have found real vulnerabilities that have slipped past developers for almost every website we have tested, including websites like HackEurope's platform itself (where we identified really critical vulnerabilities that basically allow you to compromise users), but also an established company like Lovable. A lot of people at hackathons take shortcuts and use mock data or demo their project on localhost. We have deployed everything, and our whole platform is customer-ready, with potential customers that have shown interest in the product.

What we learned

One of the key things that we feel could get us less credibility with the jury was that the quality of the pitch video fell short in comparison to the product we built. We hoped that the product would speak for itself, but recording the video at the last minute is not something we are going to repeat in the future. So that is for sure something to take with us.

What's next for testa.run

We are exploring opportunities to really take this to market. We really are just a couple of hours away from a GitHub and Codex integration that will allow us to solve the errors that we identify instead of just adding them to the backlog. So that is a feature that we know people have shown interest in.
