AppCheck Automated Vulnerability Scanning Tool

What is AppCheck?

AppCheck is an ‘automated vulnerability scanner.’ A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses such as cross-site scripting, SQL injection and more.

Appcheck Logo

The product itself can be broken down into two main parts:

Slider Shield

Application Scanning

With application scanning you are, in most cases, looking for “unknown” vulnerabilities in custom code. This is where AppCheck excels so should be the main area of focus.
AppCheck approaches this using a ‘first principles methodology’ which is best explained in an excerpt from our website:

‘Rather than use a database of static signatures, AppCheck approaches each test in the same way a hacker or penetration tester would and applies a testing methodology. The vast majority of application security flaws, such as SQL Injection and Cross-Site Scripting arise from insecure processing of input supplied by the client. AppCheck adopts a first principals approach when testing each input by examining the original expected value and the servers response when the value is modified. By adopting this methodology, AppCheck is able to determine how data may be being processed by the server and can then dynamically evolve each test to identify vulnerabilities. This approach results in more accurate testing and allows AppCheck to identify security flaws that may be masked by security filters and Intrusion Prevention Systems (IPS), but could still be exploited by a real-world attacker.’

Infrastructure Scanning

Infrastructure vulnerabilities broadly fall into the category “known” vulnerabilities. What we mean by this is that it’s a vulnerability that has been disclosed publicly and is typically in a “off the shelf” software product.

Detection is usually as simple as getting the version number of the product and checking it doesn’t fall within a list of known vulnerable versions, through to sending a payload to a vulnerable service to in order to make it behave in a way to exhibit the vulnerable behaviour for detection. Solutions are usually to patch or upgrade the product to the latest version from the vendor which contains the fix.

Identifying and patching critical services both internet facing and internal is important as with the increase of ransom ware, the attacks are becoming more frequent and they are targeting new vulnerabilities faster.

Infrastructure Scanning

Why would someone use an automated tool?

Automated tools are designed to run in the background searching for security flaws within websites, applications, network and cloud infrastructure on a set schedule, whether that be out of business hours or continuously. This ensures year-round coverage and quicker detection of zero days.

Why AppCheck?

Deployed as single SaaS scanning system or as part of a distributed scanning network, Appcheck offers unparalleled detection rates, accuracy and scalability.

AppCheck is a UK-based software security vendor with a UK-based support team. Offering several UK-based support services tailored to organisations of different sizes and technical understanding, AppCheck really excels at customer service, with access to remediation advice from experienced penetration testers.

Built from the ground up by experienced penetration testers, AppCheck’s aim is to bridge the gap between manual and automated testing tools, giving constant visibility with professional penetration test style reports.

All licences come with unlimited users meaning multiple departments can run scans against a variety of environments such as live, UAT and SDLC enabling AppCheck software to discover vulnerabilities 24/7 across your whole business.

Not only does AppCheck detect vulnerabilities with known signatures, they detect some of the hardest to reach security flaws using a first principles methodology setting them apart from other vendors and resulting is being trusted by some of the worlds most recognised brands.

Features

  • Automatic vulnerability detection
  • Detects OWASP Top 10 vulnerabilities, zero days and 1,000s of known vulnerabilities
  • Easy to use vulnerability management dashboard
  • Technology agnostic
  • Self-configured or templated tailored scans that fit your business with ease
  • Scheduled scans for continuous or out of hours scanning
  • Simple one-click reporting
  • Safe exploitation of vulnerabilities
  • Easy remediation advice for discovered vulnerabilities
  • Flexible configuration and integrations with common development tools
  • Conduct tests throughout the SDLC
  • Ability to identify zero day vulnerabilities

Benefits

  • Unlimited users mean multiple stakeholders can be assigned, view and manage vulnerabilities
  • Unlimited scanning frequency means vulnerabilities can be discovered sooner
  • Reports contain high-level overview and technical breakdown of vulnerabilities to cater to all audiences for easy remediation from dev teams or presentation to management
  • Detailed remediation advice helps quickly understand the vulnerability and potential impacts
  • Ability to navigate complex workflows through multi-stage authentication and replicate user journeys
  • Cost-effective
Learn how we can help transform your business

Get in touch online via the contact form or give us a call on 01582 380505