Create your solution

When you combine all our products you get the full benefits from our AppSec platform. Discover, classify, and scan all assets across your attack surface with DAST methods. You will secure your domains, apps, and APIs with automatic continuous real-world, payload-based testing.

Although Surface Monitoring, Application Scanning, and API Scanning can be used separately, we recommend using them together to ensure you don't miss anything on your attack surface.

The products complement each other - Surface Monitoring gives you a comprehensive view of your attack surface, while also running lightweight testing across it. Application Scanning and API Scanning gives you deeper insights on your custom-built applications and APIs. We make use of insights from Surface Monitoring to improve Application Scanning and focus on providing you with ease of use and automation that isn’t offered by traditional DAST scanners. Solving the problem of knowing what to test and why.

Detectify is built for AppSec teams to confidently scale dynamic testing to every asset on their attack surface.

Surface Monitoring is a unique concept that runs not only discovery but also vulnerability testing at scale, across your entire attack surface. It is also the base for informing you where to scan in-depth by classifying assets on your attack surface. It recommends assets for further testing with Application Scanning and API Scanning. Both going deeper where it matters, utilizing stateful testing and advanced fuzzing.

The platform presents changes to your attack surface and guides you on where to use resources more effectively.

We know AppSec cannot forget about DNS security. One example are DNS takeovers, we invented the concept, and are the best at finding them.

All our tests are built in-house based on three sources:

1. Using research from our internal team of security researchers, some being among the top ethical hackers in the world.
2. Using crowdsourced research from our community of elite ethical hackers, Crowdsource.
3. Alfred, our AI researcher, autonomously discover and build tests for CVEs that are relevant to our customers.

These sources allow us to have a well-distributed coverage across relevant technologies. We do not build in any and all CVE because we all know that all are not relevant and cannot be accurately tested for.

All our tests are payload-based as we understand how valueable a high signal-to-noise ratio is.

We do all this with high standards regarding ease of use, both in the tool and in collaboration with us.

Detectify uses a data-driven process to recommend which applications need in-depth scanning, moving beyond guesswork:

1. Asset Discovery: Detectify first discovers your entire external attack surface using the Surface Monitoring product, identifying all subdomains and associated web assets.
2. Asset Classification: Detectify then automatically classifies these discovered assets by analyzing their technical characteristics, mimicking an attacker's reconnaissance. It looks at attributes like the technologies used, the presence of login forms, and the configuration of security headers to determine if an asset is a simple static page or a complex, interactive web application.
3. Scan Recommendations: Based on this classification, the platform provides intelligent Scan Recommendations, highlighting the complex applications that are most likely to be attractive targets for attackers and would benefit most from a deep DAST scan.

Scheduling a short demo is the best way to get started if you have multiple domains, subdomains, and web applications you want to monitor. Our sales engineers will help you get the most out of your trial with a customized set-up based on your attack surface needs.

For covering a single or few assets, a 2-week free trial is the easiest way to get started. When you sign up for a trial, you'll have to add and verify ownership of the domain you would like to test to confirm that you're authorized to run security tests on it. Once your domain is verified, you're ready to start using Detectify. Simply 'toggle on' Surface Monitoring to begin continuous monitoring and run your first scan with Application Scanning.

Read more about getting started and domain verification.

You’ll get access to both Surface Monitoring and Application Scanning during your 2-week free trial.

Surface Monitoring: During your free trial, you can add up to 2 apex domains and will get continuous monitoring of these for the whole trial period.

Application Scanning: During your free trial, you can add up to 5 domains or subdomains as separate scan profiles, with an unlimited number of scans per scan profile.

This ensures that you can explore both the breadth and depth of your attack surface and maximize product use during the trial.

You’ll still be able to log in to the tool and access old results, but you’ll no longer be able to monitor your assets or run new scans. If you delete your Team, this will remove any data. To continue using either or both products, you need to become a paying customer.

Detectify is designed to be easy to set up and start seeing results. The process is straightforward :

Start by connecting Detectify to your cloud or DNS providers (like AWS, Azure, or Cloudflare) for fully automated asset discovery. Alternatively, you can manually add your main domains.

Once the root assets are configured, enable Surface Monitoring with one click to begin the discovery of your attack surface. Straight away Surface Monitoring initiates automatic classification of your assets and intelligent recommendations for critical applications and APIs to scan more in-depth.

Most business critical assets need authenticated scanning. You can easily provide credentials or use a Chrome plugin to record a login sequence.

You will start seeing findings from Surface Monitoring, Application Scanning, and API Scanning within minutes.

For quick remediation and workflow integrations, make use of our no-code platform via Workato or our versatile API.

A Scan Profile can be a domain, subdomain, or IP address you own, which can be configured and customized to suit your needs. It represents the application or part of the application you would like to run in-depth scans on.

Assets are domains that you want to monitor or scan. We recommend adding apex or root level domains to get maximum coverage of your attack surface when adding assets.

Yes! We believe security should be part of your everyday workflow, which is why we love integrations that allow us to push Detectify notifications to the channels you're using.

Don't see a service you utilize among our integrations? We work with our customers to continuously update the list of integrations. Reach out to us.

We accept credit cards (Visa, MasterCard, American Express, Diners Club) and annual invoices (The minimum order value for an invoice is $1650/€1500).

Yes - Our complete solution is available on AWS Marketplace through private offer.

You can contact us if you need further help, or check out Knowledge Base for tips on getting started, configurations, settings, and more.