Application Scanning Features

Unique crawler optimized for security testing

Crawling is an essential part of Application Scanning. It helps explore your website by navigating through the different pages and states, indexing them, and gathering data that serves as input for running tests. Basically creating a map of the website used to guide out assessment engines. This way you don’t have to manually configure how and where testing will be deployed.

We continuously update our crawler and how it interacts with web applications. It is built to handle websites using both traditional as well as modern web technologies. JavaScript heavy and single-page applications are of course supported. It is also efficient when faced with large websites as it dynamically adapts to the structure and asset types within.

Fuzzing combined with ethical hacking research

Fuzz Testing, or fuzzing, is a security testing technique that relies on manipulating input data with special or even random values, called FUZZ, into a software system to discover coding errors and security loopholes.

To enable a DAST scanner to behave like an automated hacker, we have reimagined the way we do fuzzing, making it more creative in finding various vulnerabilities. Our fuzzing engine allows us to find new areas to detect new security-related bugs or other unexpected behaviors. Instead of doing static testing when a scanner checks for expected responses, the fuzzer performs increased exploratory testing to locate those more innovative and business-critical security vulnerabilities faster than before.

Authenticated testing

Most web applications have areas that everyone can access and areas that are only accessible to users with an account. Examples include: 

• Users logged in to an e-commerce site 
• A forum
• A protected development
• A pre-production environment

A user often has access to more functionality when logged in, including posting comments on a forum, uploading pictures to their profile, or completing a purchase. 

A comprehensive security evaluation of any web application needs to be able to test areas behind a login. Detectify offers three options for scanning behind login: recorded login, basic authentication, and session cookies. 

When we’re able to perform authenticated testing, we will find more vulnerabilities and will be able to access things that different users can access.

Scanning vast web apps

While scanning vast apps, our crawler looks for common structures and can filter similar pages and assets, reducing scan time. We have been focusing on expanding our crawling capabilities by grouping assets by purpose, optimizing the mapping of customer assets, and making it possible to continue crawling from where a previous scan concluded. These improvements will not just mean our crawling is more efficient, but it will allow us to go even deeper into user assets by combining what we have learned through previous scans and the latest vulnerabilities we’ve crowdsourced from elite ethical hackers.

The Detectify crawler can:

• Cover pages rendered by Javascript
• Detect and collect dynamic pages much better than a regular crawler
• Gather more extensive crawling data for more in-depth results

Fingerprinting for personalized security testing

During a scan, Application Scanning performs extended fingerprinting of your domains and the software they run, including resolving the CMS (if any), underlying technology stack, and the operating system. This then customizes the subsequent vulnerability scanning phase and activates additional tests applicable to the specific technology identified.

For greater scalability and to face ever-evolving security threats, fingerprinting allows us to expand our security tests without overloading with irrelevant tests to match your needs.

For example, suppose 80% of our customers work with WordPress. In that case, we can find more diverse WordPress vulnerabilities, benefiting a more extensive customer base.