Skip to Content
Internal ScanningOverview

Internal Scanning Agent

Scan web applications inside your private network with the same DAST capabilities as external scanning. The Internal Scanning Agent deploys in your infrastructure and identifies vulnerabilities in applications that aren’t exposed to the public internet.

How It Works

Internal Scanning Overview - Scanner deployed in your private network connects outbound to Detectify Platform
Click to enlarge
  1. Deploy the agent in your private network (AWS, Azure, GCP, or on-premises)
  2. Configure scan targets in the Detectify platform
  3. Scan - the agent scans your internal applications from within your network
  4. Review results in the Detectify dashboard alongside external scan findings

Choose Your Path

I’m evaluating this solution

For Security Leaders & AppSec Engineers

Understand what Internal Scanning does, how it fits into your security program, and what the security implications are.

I’m ready to deploy

For DevOps & Platform Engineers

Get the scanner running in your environment with step-by-step deployment guides.

Key Benefits

BenefitDescription
Same scanning engineSame scanning capabilities as external scanning, including crowdsourced security research
Data stays privateYour application data never leaves your network - only scan metadata and results are sent to Detectify
No inbound accessAll communication is outbound-only over TLS 1.3. No firewall holes required
Unified visibilitySee internal and external scan results in one dashboard

Deployment Options

PlatformStatusMethod
AWS (EKS)AvailableTerraform
Self-Managed / On-PremisesAvailableHelm Chart
Self-Managed / On-PremisesAvailableInstaller

Getting Started

Operations

Integrations

Last updated on
TroubleshootingUse Cases