Just more ramblings of another IT Guy

detectify – Free Website Vulnerability Scanning

Detectify is a cloud-based security scanner (SaaS) offering a free tier for non-commercial use on a single domain.


The sign-up process is painless, with the most difficult task being verifying ownership of the domain you are signing up for. Even this is straightforward, with clear, concise instructions and the option to import through Google Analytics.

Adding a Domain via detectify Dashboard

The prominence of the “Tell us what you think” widget throughout the site shows the developers really are keen to get feedback from customers and to continually improve the product.

A scan is an automated penetration test focusing on the exposed web application. The free version includes many of the same features as the premium version, such as scheduled scanning, reports, etc.

Hosted on Amazon's AWS cloud, the scan covers the OWASP Top 10, and the findings are classified according to CVSSv2.

The scan itself is broken down into the following stages:

  1. Information Gathering
  2. Crawling
  3. Information Analysis
  4. Fingerprinting
  5. Exploitation
  6. Synchronous Exploitation
  7. Finalization

More information on the above can be found here

The generated report is quite useful in detecting unknown vulnerabilities and patching them before they are exploited.

This is definitely worth a review and test because, as detectify say…

“GO HACK YOURSELF OR SOMEONE ELSE WILL”
