AppCheck uses a sophisticated framework of automated techniques to thoroughly scan your organization’s systems and identify vulnerabilities that may present a potential threat. We track the latest Common Vulnerabilities and Exposures (CVE) disclosures, and our CPE (Common Platform Enumeration) detection provides unrivalled accuracy in assessing the applicability of newly disclosed threats to your own unique technical environment. In combination, this grants AppCheck the ability to identify vulnerabilities that other tools may miss, providing you with the most accurate assessment available of your infrastructure’s security.
Known Vulnerability Database (VulnFeed)
While AppCheck is capable of detecting Zero Day vulnerabilities with powerful DAST scanning techniques, we also report “known vulnerabilities” identified to be affecting your systems based on version number detection.
Proactively identify and remediate a constantly updated catalogue of known vulnerabilities
Benefits of AppCheck
Get a free vulnerability scan
Why carry out Infrastructure vulnerability scanning?
Infrastructure components, owing to their expansive and intricate nature, pose a persistent attraction for malicious hackers due to the formidable challenge of securing them effectively.
Conducting regular infrastructure vulnerability scanning allows organisations to identify and assess vulnerabilities within their network infrastructure, servers, routers, switches, and other critical components.
This supports effective patch management, early detection to prevent potential security incidents, risk mitigation, efficiency of security teams and in meeting compliance standards.
How does Infrastructure scanning work?
Infrastructure vulnerability scanning focuses on the detection of vulnerabilities within the portion of an organisation’s attack surface that extends beyond web (HTTP) services alone. This typically includes a substantial and often overlooked range of devices, services and protocols, any of which could potentially contain exploitable vulnerabilities. Examples include the services (such as Mail or DNS) running on both servers and workstations, as well as end user software, and network devices such as routers, switches and firewalls. It identifies and flags potential security issues, allowing organisations to remediate them proactively before they can be exploited by potential attackers.
The AppCheck scanner identifies open ports that operated services have exposed on your network, and then subjects each to active analysis to identify the service that it is bound to. Futher subtle probing and response analysis permits the scanner to tease out further details, such as the likely version number of the exposed service. The scanner uses this information to gain an understanding of the organisation’s total attack surface – the services that a remote unauthenticated attacker may target in order to compromise your environment.
Built-in support for multiple authentication protocols and services allows the AppCheck vulnerability scanner to establish authenticated connections (sessions) to remote hosts and devices, permitting it to directly audit the version numbers of installed software.
AppCheck’s proprietary Vulnerability Database Service is then used to identify vulnerabilities that are known to impact each identified software version. The AppCheck scanner has unparalleled access to constantly updated vulnerability information from a variety of sources including (but not limited to) data from the NVD API, which allows it to identify and report many more vulnerabilities version than ever before.
In addition to the constantly expanded catalogue of vulnerabilities that AppCheck is capable of detecting based on enumerated version information, the scanner also performs “active” checks to identify further vulnerabilities due to issues such as environment-specific security misconfigurations which an attacker may pursue in order to gain access to your systems or data.