Detectify Deep Scan Reviews

Automated approach to testing vulnerabilities which saves a lot of time for the team. No need to track all dependencies manually.

Pricing has become complicated and is not competitive for small site scans.

We don't have to track updates and vulnerabilities for all dependencies and libraries in the repository.

Customer success team have been very helpful for us to get started. That meant a lot to get us started and really offloading our internal teams. The UI is very intuitive and easy to view (we don't yet use the API), reports are good. Also was easy to setup stuff like automated login for the scanner, SSO for users etc. We also use tagging a lot.

Not much bad to say about it really, but also I'm not the dev triaging it. More follow up reports and progress as a IT Security manager.

Offloading internal teams. Very easy to setup and maintain, which of course was the purpose of why were looking for a hosted scanner. Thanks to Detectify our dev teams have a natural way to triage security findings on a regular basis.

What most stood out to me was how easy it was to generate rich, insightful reports, even with no prior knowledge of how the tool worked. I was able to build reports in minutes that I expected to take hours.

In terms of dislikes, nothing immediate comes to mind. I suppose one thing that may be relevant is that the tool seemed intimidating / non-intuitive to me for the first few moments when I used it, but then again that's not really a big deal.

Compliance related to security and auditing our systems. The best benefit I have realized so far is the generation of reports in a short amount of time that enable us to pass compliance checks.

From the discoveries of new subjects, and for the ease of use, I also really like the integration of notifications, and detailing the vulnerabilities and how to perform their corrections.

It can improve the indicators, of how we are and what we have improved or worsened on top of each scanner, the score is sometimes not enough. I believe I could have a page with only this data.

The tool is helping me to discover DNS that the security team is not aware of, helping us to find risks to our environment with a very good speed. We can't see each other anymore without using the tool.

The hands-free, passive scanning and weekly reports delivered right to my email.

At times, looking at remediation documentation can be troublesome.

Detectify is doing the job of 2-3 people easily with the constant risk and violation detections. This is good automation.

Surface Monitor the old Asset monitor, result of vulnerabilities .

Nothing at this moment to use the tool but the price can be less expensive.

Some high and medium vulnerabilities.

I like how I can rely on Detectify to understand my company's attack surface, subdomains and vulnerabilities. Even after one year of use, there is still a lot of work to do there, and some security bugs that appear out of nothing, we use Detectify to check if it was already mapped. This helps a lot in everyday tasks.

Being from a country with a currency not much valorized, the price is something that we struggled with to get the tool, but it is just that. Besides currency, there is nothing to complain about. ^^

As a Cyber Security Engineer, with Detectify I can map the attacking surface, detect and validate the findings with rare false positives and reduce the risk of being attacked in the company where I work.

We were looking for an easy-to-use scanning tool that will allow us to check and audit our sites. We had tried Qualys and Intruder.io and both of those tools take forever to configure and it should not take that time. Detectify is super easy to use. One email and we were working. The Chrome add-on for the login credentials is a great plus. Scanning for vulnerabilities and the reports are excellent. Furthermore, it takes absolutely no time to get it configured.

The UI interface is simple, but sometimes it is a little bit confusing when browsing from and to the scan results. Sometimes it is not clear if a scan is running because you do not have any indication that the scan is going on. You can only see that on the Scan page. When a vulnerability is fixed, the system does not recognize this in the following scan. It keeps it in history.

If you need an easy-to-use and configure tool for scanning, this is your tool. You will be working and fixing things in no time. We started using this tool thanks to an online review, and we did not have high hopes, but it has been quite reliable and great to use.

We required an easy-to-use tool so we could check our sites for vulnerabilities. Detectify has proven perfect. Deep scan is really reliable and it has helped us fix some medium and minor risks we had. We will continue using Detectify because it is the perfect tool for the job we wanted to do.

The digest emails when Detectify finishes scanning my products. It's super easy to look and see the status of them in the morning.

The stress added to our servers. When running a scan, it makes tens of thousands of requests on our servers. Maybe it's a misconfiguration, but we needed to downsize the frequency from once a day to once a week.

I have noticed some security issues in our servers since we started using them.

The Deep Scan was impressively easy to use once I got through the asset verification process. The scan itself took a long time (about 7 hours), but I was very pleased to see all of the vulnerabilities laid out clearly and ranked by severity.

As a nonprofit organization where I am the only person managing the website, this is a game-changer in terms of securing our web presence. The Deep Scan showed vulnerabilities that I never would have known about without it. I also appreciate that each vulnerability links to more information, giving me the best possible chance to fix these issues on my own.

I had a little trouble getting verified at the beginning and the instructions weren't very helpful on how to use a DNS text record (more specifically, I didn't know to use "@" under host so it wasn't working properly). Maybe that is because the target audience should already know how to do this?

I'm not a developer (although I do have some programming experience), so I'm not 100% certain I will be able to make all of the necessary changes. I could see that being an issue for other organizations that lack a person with any technical know-how.

Detectify will help you identify potential areas where your website is vulnerable, but you will likely need a developer or security expert to help implement the needed fixes.

I am using the vulnerability report to research ways to make our website more secure. Our website has been hacked many times over the past year, and Detectify allows me to clearly see where the potential problems are. These are issues that I would not have been able to identify on my own.