At AppCheck, many of our best product improvements come directly from customer feedback.
Over the past few months, we’ve been listening closely to the challenges security teams face day to day: understanding where assets came from, reducing noisy infrastructure findings, handling large volumes of vulnerabilities more efficiently, and improving support for modern web technologies.
The latest releases focus on exactly that. We’re excited to announce:
Better visibility into discovered assets
One of the most common questions we hear from customers using Asset Discovery is simple:
“How did AppCheck find this?”
Asset Discovery uses a combination of Open Source Intelligence (OSINT) techniques to uncover internet-facing assets that may otherwise go unnoticed. Until now, customers could see the discovered asset, but not always the discovery path behind it.
With this update, discovered assets now include clear explanations showing:
This gives security teams far more context around why an asset matters and how it connects back to their environment.
More importantly, it mirrors how attackers approach reconnaissance in the real world, helping teams understand not just what was found, but how it could have been found externally.
Infrastructure scanning with backport awareness
False positives remain one of the biggest frustrations in vulnerability management, particularly in Linux environments where vendors backport security fixes without changing visible software versions.
In distributions like Ubuntu and Debian, software may appear vulnerable based on version number alone, even though the vendor has already patched the issue.
Traditional scanners often struggle here, creating unnecessary noise and forcing security teams to manually verify findings.
AppCheck infrastructure scanning now includes backport awareness for Ubuntu and Debian during authenticated scans. By cross-checking findings against vendor security advisories, AppCheck can identify when vulnerabilities have already been addressed despite unchanged version numbers.
The result is:
This is another step towards making vulnerability data more actionable and trustworthy for security teams operating at scale.
Backport awareness is now built-in as standard when you run an authenticated scan on Linux Ubuntu and Debian infrastructure. No extra configuration is needed, and you don’t need to change any infrastructure scans you created before this update. Our infrastructure scanner will automatically filter out any
False Positive vulnerabilities related to backported Ubuntu and Debian versions on any scans you run after the update.
Please note: Any open vulnerabilities detected before this update that are listed as backported will not close automatically as a result of these scanner improvements.
Easier vulnerability management for large environments
Managing vulnerabilities across large estates is not just about finding issues. It is about being able to work with the data efficiently.
This release introduces several improvements designed to simplify vulnerability management workflows when handling large volumes of scan results.
Security teams can now:
For example, when results are grouped by hostname, teams can now update the status of all findings associated with that host in a single action rather than managing them individually.
These changes are designed to reduce friction and help teams spend less time administrating scan data and more time addressing real risk.
We’ll continue expanding these workflow improvements over time, including deeper integration into dashboard and reporting functionality.
Added support for Zstandard (zstd) compression
Modern web applications increasingly rely on newer compression formats designed to improve performance and efficiency.
One of the fastest growing examples is Zstandard (zstd), which is now widely adopted across browsers, CDNs, APIs, and web infrastructure.
Based on customer feedback and observed adoption, AppCheck now supports zstd compression within the web application scanning engine.
This allows AppCheck to replay and analyse zstd-compressed traffic in the same way as gzip or brotli-compressed content, improving coverage for applications already using the format.
For customers already leveraging zstd, scans may now surface additional findings because requests and responses can be analysed more completely.
No configuration changes are required.
Support is currently rolling out across Public Scan Hubs and will be extended to Private Scan Hubs over the coming weeks.
Built from customer feedback
Many of these improvements came directly from customer conversations.
The goal behind all of them is the same: helping security teams spend less time fighting tooling friction and more time understanding and reducing real risk.
As always, we’ll continue listening, refining, and improving based on how customers use AppCheck in the real world.
See the latest AppCheck updates in action
These improvements are designed to reduce friction, improve visibility, and help security teams focus on the risks that actually matter.
To see how the latest Asset Discovery, infrastructure scanning, and vulnerability management updates work in practice, book a walkthrough with the AppCheck team.
No software to download or install.
Contact us or call us 0113 887 8380
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA)
