Complete coverage of your external attack surface

Full EASM solution

Small attack surface

A complete standalone EASM platform

Start a trial today and see how Surface Monitoring and Application Scanning give broader and deeper coverage of your attack surface and how we help AppSec and ProdSec teams from 1,900+ organizations discover, assess, prioritize and remediate critical weaknesses in their attack surfaces.

Start 2-week free trial

How we calculate prices

Full EASM solution benefits:

Continuous coverage 24/7

discover and monitor your modern tech stack with daily insights about every exposed asset.

Unique crawling and fuzzing engine

that goes beyond the capabilities of a “traditional” DAST scanner.

Monitor large enterprise products

and prevent hackers from accessing your organization's most sensitive data.

Accurate results that save time

99.7% accuracy in vulnerability assessments with 100% payload-based testing.

Get exclusive features

including SSO, API access, bypass/automatic domain verification, custom modules, and attack surface custom policies.

Spot risks before they're exploited

by enriching assets with critical information like open ports, DNS record types, and technologies.

For small attack surfaces, we offer a self-serve option

We recommend combining Surface Monitoring and Application Scanning for the most comprehensive external attack surface coverage. After your trial is over, you can buy directly in tool.

Start 2-week free trial

Included in a 2-week free trial:

  • Surface Monitoring: 2 apex domains with continuous monitoring for the whole trial period.
  • Application Scanning: 5 scan profiles (domains or subdomains), with unlimited scans per scan profile.
  • No card needed to get started.
Start 2-week free trial


Surface monitoring

from €249 /month

Includes up to 25 subdomains, billed annually.

Continuously monitor and secure known and unknown internet-facing assets.

Go to product page


Application Scanning

from €74 /month

Per scan profile, billed annually.

Run in-depth and unlimited scans against your web apps with targeted scan profiles.

Go to product page

This page is for informational purposes only and is subject to change. For detailed pricing, contact sales.


See what our customers think

Don't just take our word for it. We've helped several of the world's most popular digital product companies, organizations with many subsidiaries, and those with issues in third-party software and supply chains stay secure.

Read case studies

Marcin Hoppe



“There are a lot of extremely noisy tools, and they generate a lot of findings, but to get to the true positives, you have to spend a lot of time analyzing the results. So we were very happy with the low rate of Detectify's false positives.”

Michelle Tolmay



“With Surface Monitoring, we found subdomains we didn’t know we had. Not only would we likely not have found these subdomains, but we also wouldn’t have known about them until someone did something really nasty on one of them and held us to ransom over it.”

Catalin Curelaru



“We used other tools before, but we chose Detectify because it helps us reduce false positives and gets much information from the availability perspective.”

Certification and awards

G2 Badge Fastest Implementation 2023
G2 Badge Leader 2023
G2 Badge High Performer 2023
G2 Badge Users Love Us

Frequently asked questions

Here are some of the most frequently asked questions we receive and their answers, all gathered in one place.

  • Why do you recommend a full EASM solution?

    Our full External Attack Surface Management platform offers complete coverage of your entire attack surface. It is the only EASM platform that fully automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers.

    Although Surface Monitoring and Application Scanning can be used separately, we recommend using them together to ensure you don't miss anything on your attack surface.

    Both products complement each other - Surface Monitoring gives you a comprehensive view of your attack surface, while Application Scanning gives you deeper insights on custom-built applications. We make use of insights from Surface Monitoring to improve Application Scanning and focus on providing our customers with ease of use and automation that isn’t offered by many of the traditional DAST scanners on the market.

  • Why should I pick Detectify to help me with External Attack Surface Management?

    Detectify embraces the best of both DAST and EASM - our solution applies DAST methodology with an External Attack Surface Management mindset to deliver the most value to AppSec and ProdSec teams. You can read more about how here.

    We also take DAST another step further by utilizing crowdsource-fueled DAST. Both Surface Monitoring and Application Scanning leverage the same insights from our unique community of ethical hackers. Crowdsource focuses on the automation of vulnerabilities rather than fixing bugs for specific clients. By discovering undocumented security vulnerabilities through Crowdsource, we make it possible to go beyond the coverage of CVEs.

  • How do I get started? (Full EASM solution)

    Scheduling a short demo is the best way to get started if you have multiple domains, subdomains, and web applications you want to monitor. Our sales team will help you get the most out of your trial with a customized set-up based on your attack surface needs.

  • How do I get started? (For small attack surfaces)

    For small attack surfaces, a 2-week free trial is the easiest way to get started. When you sign up for a trial, you'll have to add and verify ownership of the domains you would like to test to confirm that you're authorized to run security tests on them. Once your domains are verified, you're ready to start using Detectify. Simply 'toggle on' Surface Monitoring to begin continuous monitoring and run your first scan with Application Scanning.

    Read more about getting started and domain verification.

  • What’s included in a 2-week free trial?

    You’ll get access to both Surface Monitoring and Application Scanning during your 2-week free trial.

    Surface Monitoring: During your free trial, you can add up to 2 apex domains and will get continuous monitoring of these for the whole trial period.

    Application Scanning: During your free trial, you can add up to 5 domains or subdomains as separate scan profiles, with an unlimited number of scans per scan profile.

    This ensures that you can explore both the breadth and depth of your attack surface and maximize product use during the trial.

  • What happens after my trial has ended?

    You’ll still be able to log in to the tool and access old results, but you’ll no longer be able to monitor your assets or run new scans. If you delete your Team, this will remove any data. To continue using either or both products, you need to become a paying customer.

  • What are Scan Profiles and Assets?

    A Scan Profile can be a domain, subdomain, or IP address you own, which can be configured and customized to suit your needs. It represents the application or part of the application you would like to run in-depth scans on.

    Assets are domains that you want to monitor or scan. We recommend adding apex or root level domains to get maximum coverage of your attack surface when adding assets.

  • Does Detectify integrate with my existing workflow?

    Yes! We believe security should be part of your everyday workflow, which is why we love integrations that allow us to push Detectify notifications to the channels you're using.

    Don't see a service you utilize among our integrations? We work with our customers to continuously update the list of integrations. Reach out to us.

  • What forms of payment do you accept?

    We accept credit cards (Visa, MasterCard, American Express, Diners Club) and annual invoices (The minimum order value for an invoice is $1650/€1500).

  • I still have questions; who can I reach out to?

    You can contact us if you need further help, or check out Knowledge Base for tips on getting started, configurations, settings, and more.