AppCheck was born as an internal penetration testing tool in 2003 with the aim of accurately detecting critical security vulnerabilities at scale. Our challenge was to develop a tool that could automate as much of the penetration testing process as possible whilst retaining the level of accuracy that is critical when performing a security review.
With each penetration testing engagement, the team added new capabilities to the tool based on real world findings. Our goal was simple, if there was any way the attack could be automated, it was added to AppCheck.
Over time AppCheck grew into an indispensable tool allowing us to automate almost all of our penetration testing activities leaving more time to concentrate on more exotic vulnerabilities such as social engineering attacks and analysing flaws in business logic.
In 2008, we invited key clients to use AppCheck to perform regular scanning so that critical vulnerabilities did not go unchecked between pen testing engagements. The feedback was overwhelmingly positive and demand for AppCheck grew rapidly.
It became clear that AppCheck needed a life of its own, with a dedicated research and development team and a platform that could scale from single one-off scans to enterprise level scanning.
In 2009 AppCheck rebooted, designed from the ground up to be distributed, scalable and fault tolerant, whist retaining the focus on accuracy of the original scanner.
In 2014 AppCheck started trading commercially as it’s own entity and to this day, our original goal of trying to automate as much of a manual assessment as possible still remains true. Due to our original vision and ability to find some of the hardest to reach vulnerabilities, AppCheck is now used globally and has been utilised by over a thousand organisations for regular and thorough vulnerability testing.
AppCheck becomes the latest vendor to be authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
One of around 200 vendors across 32 countries, joining companies such as Apple, Google, Facebook, GitLab and Microsoft. The step to join the programme was taken due to the volume and frequency in which AppCheck were discovering vulnerabilities.