Event Details
Want to better understand your cyber security landscape? Join Novosco at their headquarters in Belfast for an afternoon of discussion around all things cyber security.
When: Thursday 17th October
Where: Novosco HQ, Belfast
Agenda:
2.00pm Overview of Managed Security Services | Peter Moorhead, Information Security, Novosco
2.30pm Tour of Novosco Security Operations Centre
3.00pm Web Application Security: Why so hard? | Nick Blundell, Head of R & D, AppCheck
4.30pm Q&A
5.00pm Finish
Trusted by hundreds of brands worldwide
Contact us or call us 0113 887 8380
Scan quickly & accurately
The Dashboard presents a fully configurable view of your current security posture. From here you can track remediation progress, spot vulnerability trends and instantly see which areas of your environment are most at risk.
Whether you just want to run a quick scan or are a power user who needs ultimate control, AppCheck allows complete flexibility. Scans can be run in a few clicks using profiles built by our security experts or built from scratch using the profile editor.
Results can be exported as either a professional penetration testing report in Microsoft Word format or as a CSV file, with a single click. Results can also be exported in JSON format to allow easy integration with third-party tools.
Download sample report
The rescan feature allows individual vulnerabilities to be retested to determine if an applied remediation has been successful. Each rescan adopts a first principals approach to ensure all known methods of exploiting a given vulnerability are tested for. This ensures the applied fix is robust and cannot be bypassed by the attacker. Remediation process is tracked and presented graphically to give an instant view of remediation efforts across the team.
AppCheck includes a granular scheduling system to allow scans to run within a permitted scan window, automatically pausing and resuming based on the configured schedule. Each scan can be configured to automatically repeat to ensure continuous scanning so that you never miss a new vulnerability.
Our proprietary scanning technology is built and maintained by leading penetration testing experts and offers unparalleled accuracy.
Appcheck is designed and built by UK based CREST and CHECK accredited penetration testers. All our support comes directly from penetration testers who fully understand the vulnerabilities.
Key Technical Features
AppCheck detects security flaws by adopting a first principles methodology rather than firing checks from a known vulnerability database. This approach successfully identifies security flaws within applications and systems that are previously unknown and undisclosed. Our support team will then work directly with the vendor to ensure the flaw is fixed and a patch is made available.
Modern web applications built on frameworks such as Angular and ReactJS prove problematic for traditional crawlers that rely on scraping HTML. Navigation and other key application components are often driven through JavaScript events which are completely invisible when analysing HTML.
To overcome this limitation, AppCheck implements a browser-based crawler that combines application modelling techniques and subtle heuristical cues to automatically discover the complete attack surface of any given application in the shortest time possible.
Application components that require human intuition to navigate can be off limits to many automated scanners.
AppCheck includes an easy to use scripting language named GoScript which can be used to navigate and scan complex workflows and single page applications.
A JSON based API is available as standard to provide integration with development tools and other systems. The API can be used to drive scans and retrieve results as part of your continuous integration and development processes.
A key deliverable in professional penetration testing is to demonstrate the real-world impact of discovered vulnerabilities.
Many of the scanning modules deployed by AppCheck include an option to safely exploit vulnerabilities so that real business impact can be demonstrated to all stake holders from board level to the development team.
Web application scanning covers all known vulnerability classes including all of the OWASP top 10. Easily view and manage all your known OWASP top 10 vulnerabilities in customisable dashboards, scans and reports.
We tested multiple DAST solutions and AppCheck stood out as the tool to tick all of the boxes. We needed a scanner that allowed simple yet granular configuration, a dashboard that enabled multiple departments to manage any discovered vulnerabilities, would give us great vulnerability detection coverage and that came within our budget. AppCheck did this and more and their support team offer useful guidance on getting the best out of the tool, as well as keeping us updated with the latest threats and security news.
When we compared AppCheck against a team of manual penetration testers, AppCheck identified all of the same vulnerabilities, plus an additional three critical vulnerabilities and did so in under half the time. This demonstrated how advanced AppCheck was as a web application security scanner and how cost effective it is compared with manual testing. We see AppCheck being a long term tool in our security management system.
We have worked with AppCheck for over 3 years and in that time we have found Appcheck personnel to be professional and knowledgeable. The system is very easy to use and penetration testing is decisive with results produced in a very precise format that is visibly and textually informative.
AppCheck has taken the stress out of penetration testing, gone are the weeks of liaising with vendors and honing scan profiles to produce a once a year report, regular automated scheduled scans means we can relax while AppCheck does the heavy lifting.
We are very pleased to have AppCheck as part of our toolkit and it plays a key role in securing our 90+ websites. It has become a fundamental part of our website deployment process, with all new releases being scanned prior to going live which has enabled us to identify zero day vulnerabilities and delay releases until they have been resolved. AppCheck is very easy to use, with the reports generated being very easy to read and interpret, enabling us to be able to forward vulnerabilities on to our various development teams and partners for a swift resolution. The best thing is that I know we have only scratched the surface in terms of AppCheck’s capabilities, yet already it has proved to be a valuable addition so hopefully we can continue to get more out of the platform.
The main benefit of Appcheck for us is the speed with which we can spin up a test. The application compares well with manual testing and indeed has found significant vulnerabilities on a number of occasions. The reports are well structured and ready for presentation to senior management with minimal editing.
We use AppCheck as part of our security strategy, due to its ease of use and clear and concise reporting functions. Compared to manual pen-testing we find AppCheck much easier and more cost effective and feel confident vulnerabilities are being picked up all year round. Their support team are always on hand for any queries we may have. I would definitely recommend AppCheck if you're looking for a market leading solution that covers all bases.
Leeds Credit Union have been using AppCheck’s services for some time now and we have found their staff to be friendly and very helpful in getting the product to do exactly what we want. The process is quite straight forward and the staff at AppCheck are always eager to answer any questions we may have. We have tried other products that have been way more expensive as well as onsite penetration testing but found that AppCheck easily beat them both in terms of costs, depth of coverage and the ability to re-test at no extra cost when any vulnerabilities are resolved. We would have absolutely no problem in recommending them to any company.
In short the AppCheck penetration security tool has eased our security woes considerably and made us into happy people! We trust the beautiful reports it produces which are comprehensive yet concise, which enables us to prioritise and actioning the identified vulnerabilities is a breeze. The impressive penetration solution is cloud-hosted offering zero-day protection, and is easy to use with a good user-friendly interface. The support, when required, have all been knowledgeable, professional and resolve calls in a timely manner. You can probably tell we like AppCheck!
Appcheck is an essential part of our security planning. Simple to use and easy to get started, but scratch the surface and the depth of the service quickly becomes apparent. After using the product for a number of years, I don’t think I’d be comfortable without it. The results are very accurate even when compared to manual penetration testing. The team are fantastic, always available and listen to requirements and suggestions. Penetration testing is no longer the headache it was and I’m definitely sleeping easier at night!
We needed an all-encompassing testing solution providing maximum coverage across our services. AppCheck’s ability to schedule assessments has enabled us to run regular repeated scans giving us peace of mind that our Infrastructure is secure and our patient data is not compromised, with the benefit of rapid remediation and re-testing. One click reporting means we can instantly provide clear and concise information on our security posture in an easy to read format which is able to be digested by all departments and stakeholders across multiple services within both our own organisation and our customer base. The support offered is second to none, not that this is needed often. The platform is so easy to use and once potential vulnerabilities are found the simple remediation advice means we can resolve them quickly. We took the time to review multiple platforms and found AppCheck to be the most cost-effective, especially when compared to the potential fines now in place for data breaches. In short, AppCheck enables us to take a pro-active approach to security testing and gives us the comfort in knowing our systems are being constantly monitored.
I highly recommend this for anyone not currently using automated vulnerability scanning – or is not confident they’re using a best-in-class solution as part of their strategy.