AppCheck is a software security vendor based in the UK, that offers a leading security scanning platform which automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure.

Our proprietary and innovative scanning technology is built and maintained by leading penetration testing experts, offering unparalleled accuracy and detection rates. Our continuous aim is to bridge the gap between manual and automated testing and to emulate the process of a manual penetration tester.

Our area of specialism lies within testing complex websites and applications. Not only do we detect vulnerabilities with known signatures, it’s our ability to detect some of the hardest to reach security flaws using a first principles methodology that is setting us apart from other vendors and is why we’re now trusted by some of the worlds most recognised brands.

Users can run unlimited and continuous scans and can track and analyse discovered vulnerabilities through the vulnerability management platform. All licences come with unlimited users meaning multiple departments can run scans against a variety of environments such as live, UAT and SDLC enabling our software to discover vulnerabilities 24/7.

Our commercial model is very transparent which is delivered through our trusted global partner program and direct sales team which is based in the UK. There are multiple licence models available that are all fully scalable meaning that our solution caters for SME’s and education, through to public sector and blue-chip organisations. Due to the large range of clients we support, we also offer several tailored support services, each depending on our client’s requirements and technical understanding which puts our services and support at the heart of what we do.

The story behind AppCheck


AppCheck was born as an internal penetration testing tool in 2003 with the aim of accurately detecting critical security vulnerabilities at scale. Our challenge was to develop a tool that could automate as much of the penetration testing process as possible whilst retaining the level of accuracy that is critical when performing a security review.

With each penetration testing engagement, the team added new capabilities to the tool based on real world findings. Our goal was simple, if there was any way the attack could be automated, it was added to AppCheck.


Over time AppCheck grew into an indispensable tool allowing us to automate almost all of our penetration testing activities leaving more time to concentrate on more exotic vulnerabilities such as social engineering attacks and analysing flaws in business logic.


In 2008, we invited key clients to use AppCheck to perform regular scanning so that critical vulnerabilities did not go unchecked between pen testing engagements. The feedback was overwhelmingly positive and demand for AppCheck grew rapidly.

It became clear that AppCheck needed a life of its own, with a dedicated research and development team and a platform that could scale from single one-off scans to enterprise level scanning.


In 2009 AppCheck rebooted, designed from the ground up to be distributed, scalable and fault tolerant, whist retaining the focus on accuracy of the original scanner.


In 2014 AppCheck started trading commercially as it’s own entity and to this day, our original goal of trying to automate as much of a manual assessment as possible still remains true. Due to our original vision and ability to find some of the hardest to reach vulnerabilities, AppCheck is now used globally and has been utilised by over a thousand organisations for regular and thorough vulnerability testing.


After much development we launched a new scanning engine capable of scanning single page applications, becoming one of the first vendors to be making developments in this area and market leaders in this regard. Previously out of reach to automated scanners, we wanted to allow our scanner to crawl these complex single page applications, comprised almost entirely of JavaScript, to test for vulnerabilities.


AppCheck becomes the latest vendor to be authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

One of around 200 vendors across 32 countries, joining companies such as Apple, Google, Facebook, GitLab and Microsoft. The step to join the programme was taken due to the volume and frequency in which AppCheck were discovering vulnerabilities.

We're trusted by hundreds of brands worldwide

Put us to the test.
Try AppCheck for free

No software to download or install.
Contact us or call us 0113 887 8380

Get in touch

Please enable JavaScript in your browser to complete this form.

Start your free trial

Your details
IP Addresses