Contact Sales
Detectify EASM platform
  • Platform overview

    An overview of how Surface Monitoring and Application Scanning work together to form our EASM platform

  • Surface Monitoring

    Our product that offers continuous monitoring of known and unknown Internet-facing assets

  • Application Scanning

    Our product that runs in-depth and unlimited scans on web applications for deeper coverage

Solutions by use case
Solutions by industry
  • Technology

    Solve common challenges faced by technology organizations

  • Consumer packaged goods

    Get more visibility and control over your digital products

  • Media & Gaming

    Manage digital transformation and secure what you're hosting in the cloud

  • Public Sector

    For agencies, higher education, and European governments

New e-book: How EASM is outpacing DAST for AppSec teams Start 2-week free trial
Watch a demo Talk to sales
Detectify Crowdsource
  • What is Crowdsource?

    How Detectify customers benefit from our community of elite ethical hackers

  • Meet the community

    Meet some of our ethical hackers who come from all corners of the globe

  • Leaderboard

    See which ethical hackers are leading for the quarter, year, and all time

FOR ETHICAL HACKERS
  • Join Crowdsource

    Ready to join? Solve our Crowdsource Challenge and become part of our community

Start 2-week free trial
Watch a demo Talk to sales
Resource Center
  • All resources

    Explore case studies, webinars, e-books, whitepapers and videos

  • Case studies

    Learn how Detectify is an essential tool in these customer stories

  • Webinars

    Webinars and recordings to level up your EASM knowledge

  • E-books & Whitepapers

    Browse and download e-books and whitepapers on EASM and related topics

  • Events

    Register and browse for both online and in person events and webinars

  • Detectify Blog

    Read the latest product updates, news, industry insights and best practices

  • E-books & Whitepapers

    Browse and download e-books and whitepapers on EASM and related topics

  • Events

    Register and browse for both online and in person events and webinars

  • Detectify Blog

    Read the latest product updates, news, industry insights and best practices

Trending Topics
Start 2-week free trial
Watch a demo Talk to sales
Products & Solutions Resources Crowdsource Partners Pricing About us
Products & Solutions
Platform overview Surface Monitoring Application Scanning
Solutions by use case Attack surface protection Prevent subdomain takeover Scaling organizations
Solutions by Industry Technology Consumer packaged goods Media & Gaming Public Sector
Start 2-week free trial
Watch a demo Talk to sales
Crowdsource
Detectify Crowdsource What is Crowdsource? Meet the community Leaderboard
For ethical hackers Ethical hacking with us How Crowdsource works Detectify Labs
Start 2-week free trial
Watch a demo Talk to sales
Resources
Resource Center All resources Case studies Webinars E-books & Whitepapers Events Detectify Blog
Trending Topics External Attack Surface Management Common attack vectors
Start 2-week free trial
Watch a demo Talk to sales

Application Scanning Features

Crawler

Unique crawler optimized for security testing

Crawling is an essential part of Application Scanning. It helps explore your website by navigating through the different pages and states, indexing them, and gathering data that serves as input for running tests that produce your findings. 

Our updated crawler gathers extensive crawling data, enabling Application Scanning to increase vulnerability findings. It has robust support for modern web technology, allowing it to crawl more sites so that a larger customer base can benefit from Application Scanning. To enable the updated crawler, toggle on "Crawling experiments" in Beta features.

Fuzzing

Fuzzing combined with ethical hacking research

Fuzz Testing is a security testing technique that relies on manipulating input data with special or even random values called FUZZ into a software system to discover coding errors and security loopholes. 

To enable a DAST scanner to behave like an automated hacker, our team fundamentally upgraded the way we do fuzzing, making it more creative in finding various vulnerabilities. The new fuzzing engine allows us to find new areas to detect new security-related bugs or other unexpected behaviors. Instead of doing static testing when a scanner checks for expected responses, the new fuzzer performs increased exploratory testing to locate those more innovative and business-critical security vulnerabilities faster than before.

See our recent blog article on Fuzzing for further details here.

Scan behind login

Authenticated testing

Most web applications have areas that everyone can access and areas that are only accessible to users with an account. Examples include: 

  • Users logged in to an e-commerce site 
  • A forum
  • A protected development
  • A pre-production environment

A user often has access to more functionality when logged in, including posting comments on a forum, uploading pictures to their profile, or completing a purchase. 

A comprehensive security evaluation of any web application needs to be able to test areas behind a login. Detectify offers three options for scanning behind login: recorded login, basic authentication, and session cookies. 

When we’re able to perform authenticated testing, we will find more vulnerabilities and will be able to access things that different users can access.

Large applications

Scanning vast web apps

While scanning vast apps, our crawler looks for common structures and can filter similar pages, reducing scan time.

The Detectify crawler can: 

  • Cover pages rendered by Javascript
  • Detect and collect dynamic pages much better than a regular crawler
  • Gather more extensive crawling data for more in-depth results

Fingerprinting

Fingerprinting for personalized security testing

During a scan, Application Scanning performs extended fingerprinting of your domains and the software they run, including resolving the CMS (if any), the technology stack, and the operating system. This then customizes the subsequent vulnerability scanning phase and activates additional tests applicable to the specific technology identified. 

For greater scalability and to face ever-evolving security threats, fingerprinting allows us to expand our security tests without overloading with irrelevant tests to match your needs. 

For example, suppose 80% of our customers work with WordPress. In that case, we can find more diverse WordPress vulnerabilities, benefiting a more extensive customer base.


Product Updates

Interested in the latest product updates and features?
These can be found here.

Get flexible, scalable, and easy scanning with Application Scanning

  • OWASP Top 10 view and beyond: Check your site's OWASP Top 10 score and test for less common and more critical, undocumented vulnerabilities.

  • API integration: Start, stop and check the status of scans. (Extensive API functionality and easy domain verification are available in our Enterprise package.)

  • 2FA: Two-factor authentication for all users in the team. (Extended authentication control with 2FA and SSO access is available in our Enterprise package.)

  • Up to 10 team members: Share scan profiles within your team with controlled user permissions. (Further multi-team set-up is available for flexible organizing of assets, access levels, and results in our Enterprise package.)

  • Export reports: Export the results from your latest scan (PDF, XML, JSON, plus more).

  • Multiple payment methods: Payment via invoice or credit card. (Minimum order value via invoice $1650/€1500)

  • Customer support: We'll answer your unique questions and help you make web security as accessible and actionable as possible.

Go Hack Yourself!

Unlimited scanning free for 2 weeks

Get Started