Complete coverage of your external attack surface
Full EASM solution
Customized, scalable, and flexible External Attack Surface Management
Talk to us to learn more about how Surface Monitoring and Application Scanning give broader and deeper coverage of your attack surface. Our team will set you up with a customized 2-week free trial to help you get the most out of our External Attack Surface Management platform.
Continuous and automated
discovery, inventory, and monitoring of all Internet-facing assets.
Set custom policies
on your attack surface and get alerted when changes are identified.
Unique crawling and fuzzing engine
optimized for security testing of modern web applications.
99.7% accuracy rate
of vulnerability assessments through payload-based testing.
Enrich assets with critical information
such as open ports, DNS record types, and technologies hosted on each asset.
Monitor enterprise products
and prevent malicious hackers from accessing business data stored on your systems.
Small attack surface
For small attack surfaces, we offer a self-serve option
We recommend combining Surface Monitoring and Application Scanning for the most comprehensive external attack surface coverage. After your trial is over, you can buy directly in tool.Start 2-week free trial
Included in a 2-week free trial:
- Surface Monitoring: 2 apex domains with continuous monitoring for the whole trial period.
- Application Scanning: 5 scan profiles (domains or subdomains), with unlimited scans per scan profile.
- No card needed to get started.
SCAN WHAT YOU HOST
from $289 /month
Includes up to 25 subdomains, billed annually.
Continuously monitor and secure known and unknown internet-facing assets.Learn more
SCAN WHAT YOU BUILD
from $89 /month
Per scan profile, billed annualy.
Run in-depth and unlimited scans against your web apps with targeted scan profiles.Learn more
This page is for informational purposes only and is subject to change. For detailed pricing, contact sales.
See what our customers think
Don't just take our word for it. We've helped several of the world's most popular digital product companies, organizations with many subsidiaries, and those with issues in third-party software and supply chains stay secure.Read case studies
SENIOR ENGINEERING MANAGER
“There are a lot of extremely noisy tools, and they generate a lot of findings, but to get to the true positives, you have to spend a lot of time analyzing the results. So we were very happy with the low rate of Detectify's false positives.”
DIRECTOR OF INFORMATION SECURITY
“With Surface Monitoring, we found subdomains we didn’t know we had. Not only would we likely not have found these subdomains, but we also wouldn’t have known about them until someone did something really nasty on one of them and held us to ransom over it.”
SECURITY TRIAGE LEAD
“We used other tools before, but we chose Detectify because it helps us reduce false positives and gets much information from the availability perspective.”
Certification and awards
Frequently asked questions
Here are some of the most frequently asked questions we receive and their answers, all gathered in one place.
Why do you recommend your full EASM solution?
Our full External Attack Surface Management solution offers complete coverage of your entire attack surface. Although Surface Monitoring and Application Scanning can be used separately, we recommend using them together to ensure you don't miss anything on your external attack surface.
Both products complement each other - Surface Monitoring gives you a comprehensive view of your attack surface, while Application Scanning gives you deeper insights on custom-built applications.
Why should I pick Detectify to help me with External Attack Surface Management?
Detectify was founded by ethical hackers and continues to work closely with the ethical hacking community - Crowdsource is one of the things that makes us unique, after all. Research from our community of ethical hackers helps us build new tests and continuously add them to the Detectify platform daily. This ensures that our customers constantly monitor and scan their growing attack surface for the latest, previously unknown vulnerabilities. External Attack Surface Management has been on our radar for several years, and we're working hard to continue developing Detectify and offer our customers the best attack surface coverage.
How do I get started? (Full EASM solution)
Scheduling a short demo is the best way to get started if you have multiple domains, subdomains, and web applications you want to monitor. Our sales team will help you get the most out of your trial with a customized set-up based on your attack surface needs.
How do I get started? (For small attack surfaces)
For small attack surfaces, a 2-week free trial is the easiest way to get started. When you sign up for a trial, you'll have to add and verify ownership of the domains you would like to test to confirm that you're authorized to run security tests on them. Once your domains are verified, you're ready to start using Detectify. Simply 'toggle on' Surface Monitoring to begin continuous monitoring and run your first scan with Application Scanning.
What’s included in a 2-week free trial?
You’ll get access to both Surface Monitoring and Application Scanning during your 2-week free trial.
Surface Monitoring: During your free trial, you can add up to 2 apex domains and will get continuous monitoring of these for the whole trial period.
Application Scanning: During your free trial, you can add up to 5 domains or subdomains as separate scan profiles, with an unlimited number of scans per scan profile.
This ensures that you can explore both the breadth and depth of your attack surface and maximize product use during the trial.
What happens after my trial has ended?
You’ll still be able to log in to the tool and access old results, but you’ll no longer be able to monitor your assets or run new scans. If you delete your Team, this will remove any data. To continue using either or both products, you need to become a paying customer.
What are Scan Profiles and Assets?
A Scan Profile can be a domain, subdomain, or IP address you own, which can be configured and customized to suit your needs. It represents the application or part of the application you would like to run in-depth scans on.
Assets are domains that you want to monitor or scan. We recommend adding apex or root level domains to get maximum coverage of your attack surface when adding assets.
Does Detectify integrate with my existing workflow?
Yes! We believe security should be part of your everyday workflow, which is why we love integrations that allow us to push Detectify notifications to the channels you're using.
Don't see a service you utilize among our integrations? We work with our customers to continuously update the list of integrations. Reach out to us.
What forms of payment do you accept?
We accept credit cards (Visa, MasterCard, American Express, Diners Club) and annual invoices (The minimum order value for an invoice is $1650/€1500).
I still have questions; who can I reach out to?