Most API scanners are noisy, repackaged engines. We built a proprietary, research-led scanner that finds real exploits, not a backlog of false positives. Get actionable findings you can actually trust.
Hunter
Most API security tools are noisy, repackaged open-source engines that flood your backlog. We took a different approach.
We built our own proprietary engine from the ground up to focus on what matters: exploitability and transparency. We deliver high-accuracy, actionable findings by actually trying to exploit the vulnerability rather than just flagging a potential issue. We also give you the proof of how we found the finding.
Reproducible Results: Even with randomization, every finding is verifiable. We use a "seed" to precisely reproduce the exact payload that found a vulnerability.
Continuous Discovery: Because every scan is unique, you’re always probing for new weaknesses, not just re-running old checks.
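To make the seed idea from the pinned post concrete, here is an added illustration (not Detectify's code, and not a description of their engine): a randomized scanner that derives every payload from a per-scan seed, so a finding only needs to record (seed, index) to be replayed exactly, while a fresh seed per scan changes the payload set. The payload list, the encoders and the simulated vulnerable endpoint are all constructed for the example.

```python
"""Seeded payload generation: randomized scanning whose findings replay exactly.

Added illustration only. The payload set, the encoders and the simulated
target are all constructed here; none of it is Detectify's engine.
"""
import random
import secrets
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample data: a few injection probes plus one benign value, and
# some encodings a scanner might randomize over.
BASE_PAYLOADS = ["' OR 1=1--", '" OR "a"="a"--', "1; SELECT 1", "admin'--", "alice"]
ENCODERS = {
    "plain": lambda s: s,
    "comment-space": lambda s: s.replace(" ", "/**/"),
    "url": lambda s: "".join(f"%{ord(c):02X}" for c in s),
    "quote-url": lambda s: s.replace("'", "%27").replace('"', "%22"),
}


def payload_at(seed: int, index: int) -> str:
    """The index-th payload of the stream derived from a scan seed.

    Each payload is a pure function of (seed, index): a finding can record
    those two integers instead of the payload and regenerate it later in O(1),
    without replaying the whole stream. random.Random with a str seed is
    deterministic across processes (it hashes the string's contents).
    """
    rng = random.Random(f"{seed}:{index}")
    base = rng.choice(BASE_PAYLOADS)
    encoder = rng.choice(sorted(ENCODERS))
    return ENCODERS[encoder](base)


def build_request(payload: str) -> str:
    return f"GET /users?name={payload}"


def simulate_target(payload: str) -> tuple[int, str]:
    """Constructed stand-in for a vulnerable endpoint (not a real service).

    It URL-decodes the parameter, splices it into SQL, and fails loudly when
    the statement is malformed, which is the evidence the scanner looks for.
    """
    decoded = unquote(payload)
    query = f"SELECT * FROM users WHERE name = '{decoded}'"
    if decoded.count("'") % 2 == 1 or "--" in decoded or ";" in decoded:
        return 500, f"SQL syntax error near: {query}"
    return 200, "ok"


@dataclass(frozen=True)
class Finding:
    seed: int      # the scan's seed ...
    index: int     # ... and the position in its payload stream
    request: str   # proof: what was sent
    status: int    # proof: what came back
    body: str


def is_exploited(status: int, body: str) -> bool:
    return status == 500 and "SQL syntax error" in body


def scan(seed: int, count: int) -> list[Finding]:
    """Send `count` seeded payloads; keep only those that actually triggered."""
    findings = []
    for index in range(count):
        payload = payload_at(seed, index)
        status, body = simulate_target(payload)
        if is_exploited(status, body):
            findings.append(Finding(seed, index, build_request(payload), status, body))
    return findings


def replay(finding: Finding) -> bool:
    """Regenerate the exact payload from (seed, index), resend it, and check
    that the same proof comes back. This is the verification step a dev team
    can run on a finding without access to the original scan's randomness."""
    payload = payload_at(finding.seed, finding.index)
    status, body = simulate_target(payload)
    return (build_request(payload), status, body) == (finding.request, finding.status, finding.body)


def new_scan_seed() -> int:
    """A fresh seed per scan: each run probes a different payload set, yet every
    finding it produces stays reproducible through the seed it records."""
    return secrets.randbits(64)


if __name__ == "__main__":
    seed = new_scan_seed()
    findings = scan(seed, count=12)
    print(f"seed={seed} findings={len(findings)}")
    for f in findings:
        print(f"  #{f.index}: {f.request} -> {f.status}  replay ok: {replay(f)}")
```

Deriving each payload from a per-index sub-seed (rather than one long RNG stream) is the design choice that matters: reproducing finding number 9,000 does not require regenerating the 8,999 payloads before it, and a developer can run `replay()` against a staging copy of the endpoint with nothing more than the two integers in the report.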
I absolutely love the ‘go hack yourself’ tagline — it really sets the mood 🔒.
I really appreciate that this goes beyond just pointing out issues and actually attempts to exploit them.
The proof of findings is a game changer — too many tools leave you wondering if it’s a false positive.
The reproducibility with seeds seems incredibly useful for development teams.
I’m curious — how long does a typical scan take for a medium-sized application?
Hunter
@ava_morgan3 Thank you for the question. The runtime of a 'typical' scan depends on a lot of factors, and therefore can be anywhere from 15 minutes up to 48 hours. Factors include things like the size and responsiveness of the application, rate limiting, technologies found, etc.
Continuous discovery is essential — most tools just keep repeating the same surface-level checks.
Great positioning against the noise of API security — development teams don’t need more false alerts.
I’d be interested to know if you provide remediation tips along with proof.
Hunter
@carina_tasha I replied to a similar question so apologies for repeating myself here. Digging into a finding, you get:
Request & response with the HTTP request we sent out, and the HTTP response we received from the web application.
Details providing additional information, such as what we are basing the finding on. Depending on the finding type, you might see a code snippet, screenshots, or other information.
References to online resources from Detectify and other sources that help you to understand and resolve the issue.
How does it deal with rate-limiting or WAF protections during scans?
Hunter
@serena_anam We support settings around rate limiting. For WAFs we also have tools to help you troubleshoot if for some reason scans are blocked despite whitelisting our scanner.