Platform Overview
How Detectify Works
Detectify identifies vulnerabilities by sending real exploit payloads and verifying that they trigger a vulnerable response. This payload-based approach produces a true positive rate of approximately 99.7%.
The vulnerability tests are built and maintained by a curated community of approximately 400 ethical hackers through the Crowdsource program, supplemented by Alfred AI for automated CVE coverage.
Four Products, One Platform
Detectify provides four products that work together across a unified dashboard, API, and integration layer.
Surface Monitoring
Continuous discovery and monitoring of your external attack surface. Surface Monitoring maps your internet-facing assets 24/7, identifying subdomains, IP addresses, open ports, running technologies, and security misconfigurations without requiring you to provide a complete asset inventory upfront.
- Subdomain enumeration and DNS record analysis
- Port scanning and service detection
- Technology fingerprinting
- SSL/TLS certificate monitoring
- Continuous change detection with alerting
Application Scanning
Deep security testing of web applications using payload-based fuzzing. Application Scanning crawls your applications with a headless browser, builds a state graph of reachable application states, and fuzzes every discovered input with exploit payloads from 1,765+ Crowdsource modules.
- Headless Chrome crawling with JavaScript execution
- Graph-based state exploration
- Authenticated scanning support
- OWASP Top 10 and beyond
- Scheduled and on-demand scans
API Scanning
Security testing of REST APIs driven by OpenAPI specifications. Upload your OpenAPI spec and API Scanning will fuzz every documented endpoint and parameter.
- OpenAPI 2.x and 3.x specification support
- Parameter fuzzing across path, query, header, and body parameters
- Authenticated scans including OAuth support
Internal Scanning
The same DAST engine deployed inside your network via a lightweight agent. Internal Network Testing scans applications in your perimeter without requiring inbound firewall rules. The agent communicates outbound-only to the Detectify cloud platform.
- Agent deployed via Docker, Helm, or Terraform
- Outbound-only HTTPS communication
- Full Crowdsource module coverage
- Results unified in the same dashboard as external scans
Shared Platform Capabilities
All four products share a common platform layer.
Authentication and Access Control
- SSO/SAML — Integrate with your identity provider for single sign-on
- Role-Based Access Control (RBAC) — Assign granular permissions by team, product, or asset group
- Multi-factor authentication — Enforce MFA for all user accounts
Data Security
- BYOK Encryption — Bring your own encryption keys for data at rest
- Data residency — EU-hosted infrastructure
- SOC 2 Type II certified
Integrations and API
- REST API — Full programmatic access to assets, scans, findings, and configuration
- Native integrations — Jira, Slack, PagerDuty, Splunk, Microsoft Teams, and more
- Workato connector — Build custom automation workflows connecting Detectify to hundreds of enterprise tools
- Webhooks — Real-time event notifications for scan completions, new findings, and asset changes
- CI/CD integration — Trigger scans from GitHub Actions, GitLab CI, Jenkins, and other pipelines
How It All Fits Together
- Discover — Surface Monitoring continuously maps your external attack surface, finding assets you may not know about
- Assess — Application Scanning and API Scanning run deeper scans against the targets you choose on your external attack surface. For the internal attack surface, deploy the agent and run scans using Internal Scanning
- Prioritize — Findings are deduplicated, correlated, and scored using CVSS standards so your team focuses on what matters most
- Remediate — Findings include reproduction steps and remediation guidance, and can be routed to Jira, Slack, and 1000+ other integrated tools
- Verify — Re-scan to confirm fixes and track remediation progress over time
Next Steps
- How Detectify Works — Technical deep dive into the scanning engine
- Crowdsource — Learn about the ethical hacker network
- Get Started — Set up your account and run your first scan