Application Scanning Features

Crawler

Unique crawler optimized for security testing

Crawling is an essential part of Application Scanning. It helps explore your website by navigating through the different pages and states, indexing them, and gathering data that serves as input for running tests that produce your findings. 

Our updated crawler gathers extensive crawling data, enabling Application Scanning to increase vulnerability findings. It has robust support for modern web technology, allowing it to crawl more sites so that a larger customer base can benefit from Application Scanning. To enable the updated crawler, toggle on "Crawling experiments" in Beta features.

Fuzzing

Fuzzing combined with ethical hacking research

Fuzz Testing is a security testing technique that relies on manipulating input data with special or even random values called FUZZ into a software system to discover coding errors and security loopholes. 

To enable a DAST scanner to behave like an automated hacker, our team fundamentally upgraded the way we do fuzzing, making it more creative in finding various vulnerabilities. The new fuzzing engine allows us to find new areas to detect new security-related bugs or other unexpected behaviors. Instead of doing static testing when a scanner checks for expected responses, the new fuzzer performs increased exploratory testing to locate those more innovative and business-critical security vulnerabilities faster than before.

See our recent blog article on Fuzzing for further details here.

Scan behind login

Authenticated testing

Most web applications have areas that everyone can access and areas that are only accessible to users with an account. Examples include: 

  • Users logged in to an e-commerce site 
  • A forum
  • A protected development
  • A pre-production environment

A user often has access to more functionality when logged in, including posting comments on a forum, uploading pictures to their profile, or completing a purchase. 

A comprehensive security evaluation of any web application needs to be able to test areas behind a login. Detectify offers three options for scanning behind login: recorded login, basic authentication, and session cookies. 

When we’re able to perform authenticated testing, we will find more vulnerabilities and will be able to access things that different users can access.

Large applications

Scanning vast web apps

While scanning vast apps, our crawler looks for common structures and can filter similar pages, reducing scan time.

The Detectify crawler can: 

  • Cover pages rendered by Javascript
  • Detect and collect dynamic pages much better than a regular crawler
  • Gather more extensive crawling data for more in-depth results

Fingerprinting

Fingerprinting for personalized security testing

During a scan, Application Scanning performs extended fingerprinting of your domains and the software they run, including resolving the CMS (if any), the technology stack, and the operating system. This then customizes the subsequent vulnerability scanning phase and activates additional tests applicable to the specific technology identified. 

For greater scalability and to face ever-evolving security threats, fingerprinting allows us to expand our security tests without overloading with irrelevant tests to match your needs. 

For example, suppose 80% of our customers work with WordPress. In that case, we can find more diverse WordPress vulnerabilities, benefiting a more extensive customer base.


Product Updates

Interested in the latest product updates and features?
These can be found here.

Get flexible, scalable, and easy scanning with Application Scanning

  • OWASP Top 10 view and beyond: Check your site's OWASP Top 10 score and test for less common and more critical, undocumented vulnerabilities.

  • API integration: Start, stop and check the status of scans. (Extensive API functionality and easy domain verification are available in our Get it all package.)

  • 2FA: Two-factor authentication for all users in the team. (Extended authentication control with 2FA and SSO access is available in our Get it all package.)

  • Up to 10 team members: Share scan profiles within your team with controlled user permissions. (Further multi-team set-up is available for flexible organizing of assets, access levels, and results in our Get it all package.)

  • Export reports: Export the results from your latest scan (PDF, XML, JSON, plus more).

  • Multiple payment methods: Payment via invoice or credit card. (Minimum order value via invoice $1650/€1500)

  • Customer support: We'll answer your unique questions and help you make web security as accessible and actionable as possible.

Go Hack Yourself!

Unlimited scanning free for 2 weeks

Get Started