AppCheck is a vulnerability scanning platform built by leading penetration testing experts to expose security issues
A Complete Vulnerability Scanning Solution
AppCheck provides a comprehensive vulnerability scanning platform that is designed to cover and test each layer of an organisation’s key IT systems for vulnerabilities, in one seamless and intuitive solution. Read more about our approach to vulnerability scanning.
Trusted by some of the world's biggest brands
Contact us or call us 0113 887 8380
Application and Infrastructure Vulnerability Scanning
Vulnerability scanning is the process of exposing flaws in websites, programs, networks and cloud infrastructures through an automated process that outlines the potential risks and vulnerabilities. AppCheck provides a complete vulnerability scanning solution to ensure security across your platforms.
Key Benefits of AppCheck
AppCheck emulates the process of a manual penetration test to provide full coverage of the OWASP Top 10, zero day vulnerabilities, and 100,000+ known security flaws by interrogating CVE database.
Deploy tests instantly using pre-configured scan templates or schedule scans for out of hours testing. Each scan can be configured on a repeat cycle to ensure they are run continuously to catch new vulnerabilities as soon as they are introduced.
AppCheck implements a browser-based crawler that combines application modelling techniques and subtle heuristical cues to automatically discover the complete attack surface of any given application and build an event graph in the shortest time possible.
AppCheck detects security flaws by adopting a first principles methodology rather than firing checks from a known vulnerability database. This approach successfully identifies security flaws within applications and systems that are previously unknown and undisclosed.
All vulnerabilities are tracked and managed through the vulnerability management platform, giving you a complete system overview to show you what the outside world sees.
With just a click you can produce professional penetration testing style reports which include a detailed technical narrative and remediation steps for all findings.
AppCheck provides the full picture.
Safely exploit vulnerabilities so that real-world business impact can be demonstrated to all stake holders from board level to the development team.
The AppCheck tool is built and maintained by leading penetration testing experts and has been designed from the ground up to ensure unparalleled accuracy and detection rates.
What is Different About AppCheck?
Our proprietary scanning technology is built and maintained by leading penetration testing experts allowing us to understand how a penetration tester or attacker would explore a given application, utilising visual cues and ruling out equivalent instances of the attack surface if they have already been explored.
The AppCheck research team are constantly finding new vulnerabilities and AppCheck are authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
Support is provided by UK based Engineers. Support tickets are managed under constantly reviewed SLA’s, and can be viewed and managed online. We regularly manage and update our help content to help our customers get the best from our service.
All of the above help ensure you can trust our vulnerability scanning systems to keep your applications secure.
Vulnerability Scanner Features
The Dashboard presents a fully configurable view of your current security posture. From here you can track remediation progress, spot vulnerability trends and instantly see which areas of your environment are most at risk.
See all features
Whether you just want to run a quick scan or are a power user who needs ultimate control, AppCheck allows complete flexibility. Scans can be run in a few clicks using profiles built by our security experts or built from scratch using the profile editor.
See all features
Results can be exported as either a professional penetration testing report in Microsoft Word format or as a CSV file, with a single click. Results can also be exported in JSON format to allow easy integration with third-party tools.
Download sample report
The rescan feature allows individual vulnerabilities to be retested to determine if an applied remediation has been successful. Each rescan adopts a first principals approach to ensure all known methods of exploiting a given vulnerability are tested for. This ensures the applied fix is robust and cannot be bypassed by the attacker. Remediation process is tracked and presented graphically to give an instant view of remediation efforts across the team.
AppCheck includes a granular scheduling system to allow scans to run within a permitted scan window, automatically pausing and resuming based on the configured schedule. Each scan can be configured to automatically repeat to ensure continuous scanning so that you never miss a new vulnerability.
Vulnerability Scanning Services
Due to their large and complex attack surface and the difficulty in ensuring they are secure, web applications continue to be a prime target in attacks for malicious hackers.
Web application scanning works by continually attempting to break into and compromise your applications in the same way that a hacker would in order to pinpoint any potential gaps in your security.
Dynamic Analysis Security Testing (DAST) is a vulnerability scanning method that exposes potential security issues on running web applications and services.
DAST works in the way a hacker would attempt to gain access or take advantage of flaws and insecurities within your applications. It works via an outside approach with no prior information of the application or code and searches for vulnerabilities.
Automated Penetration Testing operates by simulating attacks on systems continually in order to discover potential vulnerabilities.
Automated testing is a cost-effective, complementary form of testing which can reduce the overall investment of vulnerability testing when combined with manual testing. By utilising both these techniques it can allow full coverage of your systems to maximise your security and protection against an attack.
External vulnerability scanners explore all of your potential weaknesses that a hacker would discover and inform you of how to resolve these before they can be exploited.
AppCheck combines open source intelligence gathering and a sophisticated browser based crawling engine to identify application components that could be vulnerable to attack, providing remediation advice with all findings.
Web API scanners such as AppCheck work by checking your APIs for common pitfalls and security issues that could be prone to attack. Rather than use a database of static signatures of known weaknesses, the AppCheck platform applies a rigorous test methodology to tease out even previously unknown weaknesses in the same way a hacker or penetration tester would.
Once considered a niche form of web interface used primarily within internal networks and screened data feeds, web APIs have seen explosive growth in recent years.
Single Page Applications (SPAs) require different security assessment techniques, a different mindset, and a different approach.
The AppCheck scanner has been developed by in-house, expert penetration testers. It can natively navigate, and contextually and intelligently scan, SPAs. It does so in the exact same, context-aware manner as a penetration testing expert would and using the same advanced and battle-tested methodologies.
We tested multiple DAST solutions and AppCheck stood out as the tool to tick all of the boxes. We needed a scanner that allowed simple yet granular configuration, a dashboard that enabled multiple departments to manage any discovered vulnerabilities, would give us great vulnerability detection coverage and that came within our budget. AppCheck did this and more and their support team offer useful guidance on getting the best out of the tool, as well as keeping us updated with the latest threats and security news.
When we compared AppCheck against a team of manual penetration testers, AppCheck identified all of the same vulnerabilities, plus an additional three critical vulnerabilities and did so in under half the time. This demonstrated how advanced AppCheck was as a web application security scanner and how cost effective it is compared with manual testing. We see AppCheck being a long term tool in our security management system.
We have worked with AppCheck for over 3 years and in that time we have found Appcheck personnel to be professional and knowledgeable. The system is very easy to use and penetration testing is decisive with results produced in a very precise format that is visibly and textually informative.
AppCheck has taken the stress out of penetration testing, gone are the weeks of liaising with vendors and honing scan profiles to produce a once a year report, regular automated scheduled scans means we can relax while AppCheck does the heavy lifting.
We are very pleased to have AppCheck as part of our toolkit and it plays a key role in securing our 90+ websites. It has become a fundamental part of our website deployment process, with all new releases being scanned prior to going live which has enabled us to identify zero day vulnerabilities and delay releases until they have been resolved. AppCheck is very easy to use, with the reports generated being very easy to read and interpret, enabling us to be able to forward vulnerabilities on to our various development teams and partners for a swift resolution. The best thing is that I know we have only scratched the surface in terms of AppCheck’s capabilities, yet already it has proved to be a valuable addition so hopefully we can continue to get more out of the platform.
The main benefit of Appcheck for us is the speed with which we can spin up a test. The application compares well with manual testing and indeed has found significant vulnerabilities on a number of occasions. The reports are well structured and ready for presentation to senior management with minimal editing.
We use AppCheck as part of our security strategy, due to its ease of use and clear and concise reporting functions. Compared to manual pen-testing we find AppCheck much easier and more cost effective and feel confident vulnerabilities are being picked up all year round. Their support team are always on hand for any queries we may have. I would definitely recommend AppCheck if you're looking for a market leading solution that covers all bases.
Leeds Credit Union have been using AppCheck’s services for some time now and we have found their staff to be friendly and very helpful in getting the product to do exactly what we want. The process is quite straight forward and the staff at AppCheck are always eager to answer any questions we may have. We have tried other products that have been way more expensive as well as onsite penetration testing but found that AppCheck easily beat them both in terms of costs, depth of coverage and the ability to re-test at no extra cost when any vulnerabilities are resolved. We would have absolutely no problem in recommending them to any company.
In short the AppCheck penetration security tool has eased our security woes considerably and made us into happy people! We trust the beautiful reports it produces which are comprehensive yet concise, which enables us to prioritise and actioning the identified vulnerabilities is a breeze. The impressive penetration solution is cloud-hosted offering zero-day protection, and is easy to use with a good user-friendly interface. The support, when required, have all been knowledgeable, professional and resolve calls in a timely manner. You can probably tell we like AppCheck!
Appcheck is an essential part of our security planning. Simple to use and easy to get started, but scratch the surface and the depth of the service quickly becomes apparent. After using the product for a number of years, I don’t think I’d be comfortable without it. The results are very accurate even when compared to manual penetration testing. The team are fantastic, always available and listen to requirements and suggestions. Penetration testing is no longer the headache it was and I’m definitely sleeping easier at night!
We needed an all-encompassing testing solution providing maximum coverage across our services. AppCheck’s ability to schedule assessments has enabled us to run regular repeated scans giving us peace of mind that our Infrastructure is secure and our patient data is not compromised, with the benefit of rapid remediation and re-testing. One click reporting means we can instantly provide clear and concise information on our security posture in an easy to read format which is able to be digested by all departments and stakeholders across multiple services within both our own organisation and our customer base. The support offered is second to none, not that this is needed often. The platform is so easy to use and once potential vulnerabilities are found the simple remediation advice means we can resolve them quickly. We took the time to review multiple platforms and found AppCheck to be the most cost-effective, especially when compared to the potential fines now in place for data breaches. In short, AppCheck enables us to take a pro-active approach to security testing and gives us the comfort in knowing our systems are being constantly monitored.
I highly recommend this for anyone not currently using automated vulnerability scanning – or is not confident they’re using a best-in-class solution as part of their strategy.