Identify security flaws within your network quicker, easier and more accurately with AppCheck Next Generation vulnerability scanning software.

AppCheck has been designed from the ground up and boasts one of the most intelligent SaaS web application scanning engines on the market. By working closely with some of the UK’s leading penetration testers, each scanning module has been designed to maximise detection accuracy whilst minimising false positives.

Many existing web application scanners rely on parsing web pages in order to discover application components (e.g. links and forms). This approach is no longer effective when testing modern web 2.0 based applications. Components generated at runtime using JavaScript, Flash or Silverlight components will remain invisible to traditional discovery techniques.

The AppCheck NG scanning engine employs two integrated crawling technologies to overcome this challenge. Our HTTP/HTML based crawler is used to discover components quickly and to identify hidden components through forced browsing. A second integrated crawling engine then executes web pages in the same way a normal browser would. Any embedded scripts or components are then able to run as intended whilst allowing full visibility to the discovery engine. If a modern web browser such as Google Chrome can access the application, AppCheck NG can crawl it.

  • Thorough assessment of all known web application vulnerability classes such as those defined within the OWASP top ten.
  • Advanced detection of DOM based Cross Site Scripting (XSS) vulnerabilities through JavaScript taint analysis.
  • Decompilation and static analysis of Adobe Flash files.
  • HTML5 postMessage analysis.
  • Confirmation of discovered flaws through safe vulnerability exploitation.

Advanced technology: Access sophisticated scanning and exploit technology designed by experienced penetration testers

One simple platform: Provides a single platform to identify and manage web application and infrastructure risks

Sophisticated discovery: Offers accurate discovery and analysis of “rich” Internet Applications via a combined network and browser-based scanning engine

Intelligent authentication: Supports complex multistage applications and authentication schemes

Eliminates false positives: Confirms vulnerabilities through safe exploitation to eradicate false positives and provide proof of concept

Identifies all known web application vulnerabilities: Detects critical web application security flaws, as defined by the OWASP Top Ten, e.g. SQL and XSS

Unrivalled detection rates: Supports security strategy with fast, intelligent web crawling and exceptional detection rates

Intelligent remediation management: Assign and prioritise each vulnerability’s remediation to nominated members of your team using AppCheck NG’s workflow management system

Easy to maintain security: Schedule scans to run at any given date and time. Scan at regular recurring intervals with email notification