Detectify is a cloud based security scanner (SaaS) offering a free tire for non-commercial use on a single domain.
The sign up process is painless with the most difficult tasking being having to verify ownership of the domain you are signing up for. Even this is straight forward with clear, concise instructions and the option to import through Google Analytics
The prominence of the “Tell us what you think” widget throughout the site shows the developers really are keen to get feedback from customers and to continually improve the product.
A scan is an automatic penetration tests focusing on the exposed web application. The free version includes many of the same features as the premium version such as scheduled scanning, reports etc
Hosted on Amazon’s aws cloud the scan covers OWASP’s top 10 and the findings classified according to CVSSv2.
The scan itself is broken down into the following stages
- Information Gathering
- Crawling
- Information Analysis
- Fingerprinting
- Exploitation
- Synchronous Exploitation
- Finalization
More information on the above can be found here
The generated report is quite useful in detecting unknown vulnerabilities and patching them before they are exploited.
This is definitely worth a review and test because, as detectify say….
..”GO HACK YOURSELF OR SOMEONE ELSE WILL”
Leave a Reply