A leading security scanning platform built by leading penetration testing experts
AppCheck is a leading security scanning platform that automates the discovery of security flaws within your websites, applications, network, and cloud infrastructure.
Assessments can be conducted throughout the application life cycle from development to production. AppCheck integrates with common development tools such as JIRA and TeamCity and includes a JSON API to allow integration with other tools.
Scans can be launched in seconds using pre-defined scan profiles built by our security experts. Each finding within the report includes a detailed narrative and easy to understand remediation advice.
All AppCheck licences provide unlimited users and unlimited scanning 24 hours a day 365 days a year.
Trusted by hundreds of brands worldwide
Contact us or call us 0113 887 8380
Scan quickly & accurately
The Dashboard presents a fully configurable view of your current security posture. From here you can track remediation progress, spot vulnerability trends and instantly see which areas of your environment are most at risk.
Whether you just want to run a quick scan or are a power user who needs ultimate control, AppCheck allows complete flexibility. Scans can be run in a few clicks using profiles built by our security experts or built from scratch using the profile editor.
Results can be exported as either a professional penetration testing report in Microsoft Word format or as a CSV file, with a single click. Results can also be exported in JSON format to allow easy integration with third-party tools.
Download sample report
The rescan feature allows individual vulnerabilities to be retested to determine if an applied remediation has been successful. Each rescan adopts a first principals approach to ensure all known methods of exploiting a given vulnerability are tested for. This ensures the applied fix is robust and cannot be bypassed by the attacker. Remediation process is tracked and presented graphically to give an instant view of remediation efforts across the team.
AppCheck includes a granular scheduling system to allow scans to run within a permitted scan window, automatically pausing and resuming based on the configured schedule. Each scan can be configured to automatically repeat to ensure continuous scanning so that you never miss a new vulnerability.
Our proprietary scanning technology is built and maintained by leading penetration testing experts and offers unparalleled accuracy.
Appcheck is designed and built by UK based CREST and CHECK accredited penetration testers. All our support comes directly from penetration testers who fully understand the vulnerabilities.
Key Technical Features
AppCheck detects security flaws by adopting a first principles methodology rather than firing checks from a known vulnerability database. This approach successfully identifies security flaws within applications and systems that are previously unknown and undisclosed. Our support team will then work directly with the vendor to ensure the flaw is fixed and a patch is made available.
To overcome this limitation, AppCheck implements a browser-based crawler that combines application modelling techniques and subtle heuristical cues to automatically discover the complete attack surface of any given application in the shortest time possible.
Application components that require human intuition to navigate can be off limits to many automated scanners.
AppCheck includes an easy to use scripting language named GoScript which can be used to navigate and scan complex workflows and single page applications.
A JSON based API is available as standard to provide integration with development tools and other systems. The API can be used to drive scans and retrieve results as part of your continuous integration and development processes.
A key deliverable in professional penetration testing is to demonstrate the real-world impact of discovered vulnerabilities.
Many of the scanning modules deployed by AppCheck include an option to safely exploit vulnerabilities so that real business impact can be demonstrated to all stake holders from board level to the development team.
Web application scanning covers all known vulnerability classes including all of the OWASP top 10. Easily view and manage all your known OWASP top 10 vulnerabilities in customisable dashboards, scans and reports.
We tested multiple DAST solutions and AppCheck stood out as the tool to tick all of the boxes. We needed a scanner that allowed simple yet granular configuration, a dashboard that enabled multiple departments to manage any discovered vulnerabilities, would give us great vulnerability detection coverage and that came within our budget. AppCheck did this and more and their support team offer useful guidance on getting the best out of the tool, as well as keeping us updated with the latest threats and security news.
When we compared AppCheck against a team of manual penetration testers, AppCheck identified all of the same vulnerabilities, plus an additional three critical vulnerabilities and did so in under half the time. This demonstrated how advanced AppCheck was as a web application security scanner and how cost effective it is compared with manual testing. We see AppCheck being a long term tool in our security management system.
We have worked with Appcheck for over 3 years and in that time we have found Appcheck personnel to be professional and knowledgeable. The system is very easy to use and penetration testing is decisive with results produced in a very precise format that is visibly and textually informative.
AppCheck has taken the stress out of penetration testing, gone are the weeks of liaising with vendors and honing scan profiles to produce a once a year report, regular automated scheduled scans means we can relax while AppCheck does the heavy lifting.