PayloadTotal is a web-based application designed to evaluate how well your security solutions detect malicious payloads.

By submitting payloads against various security products, you gain clear insight into detection coverage and potential blind spots.

PayloadTotal sends requests crafted with your payload to application security providers.

Based on the response received, our engine evaluates if the request was blocked or authorized.

The "Search" function will look into the database for the exact same payload and display the result of the last test, without sending it to the AppSec platforms.

Sanctioned means that the AppSec solution provider has been involved in the setup of its platform.

In some cases tests are performed on third-party installations which are not sanctionned by the provider.

The database only stores the payload, the result and the time of the last test.

Database access is planned and will be provided through subscription. Don't hesitate to contact us for early access.

Yes! All solution vendors who want to be officially included in the test are welcome to contact us. In the meantime, we will add unsanctioned solutions as opportunities arise.