Overview
Detectify is an External Attack Surface Management platform that continuously monitors internet-facing assets using ethical hacker-sourced threats. Its payload-based testing delivers high-accuracy results for AppSec teams. Although defining scan profiles for large, custom applications can be time-consuming, it helps teams prioritize critical vulnerabilities. A free two-week trial is available.
Overall Rating
4.2 (based on 13 user reviews)
Rating Distribution
- Positive: 69%
- Neutral: 31%
- Negative: 0%
Starting Price
Custom
Detectify Specifications
- Security Measure
- Threat Intelligence
- Security Audits And Reporting
- Security Information And Event Management (SIEM)
What Is Detectify?
Detectify is a cloud-based security solution that combines External Attack Surface Management (EASM) with Dynamic Application Security Testing (DAST). It continuously discovers and monitors all internet-facing assets—including domains, subdomains, and APIs—and automatically scans them using verified vulnerability research. This unique approach, fueled by a community of expert ethical hackers, ensures the platform tests zero-day and exploitable vulnerabilities before attackers can leverage them.
Detectify Pricing
Detectify pricing consists of three main plans:
- Surface Monitoring (up to 25 subdomains): €302/month
- Application Scanning (1 domain): €90/month
- API Scanning (1 API): €90/month
Detectify offers a two-week free trial.
Disclaimer: The pricing is subject to change.
Detectify Integrations
Detectify integrates with many software tools, including:
- Jira
- Slack
- OpsGenie
- Splunk
- Microsoft Teams
Who Is Detectify For?
Detectify is used by organizations of all sizes, from startups to large enterprises, across industries and sectors, including:
- Computer software
- Information technology and services
- Financial services and fintech
- Internet and E-commerce
- Media and telecommunications
Is Detectify Right For You?
Detectify stands out due to its proprietary DAST engine, which leverages vulnerability research submitted by a large community of over 400 ethical hackers. This crowdsourced intelligence means the platform tests the latest, actively exploited vulnerabilities and zero-days, not just known CVEs. The focus on payload-based testing delivers a high vulnerability assessment accuracy rate, drastically reducing the time security teams spend chasing false positives. This approach is critical for modern AppSec teams needing scalable, continuous security coverage for their dynamic digital assets.
Detectify Features
Centralized Platform Visibility
This centralized view provides application security (AppSec) teams with visibility into all internet-facing assets and their current security status. The dashboard offers complete coverage, combining automated Detectify features like surface monitoring and application scanning, ensuring teams have a single source of truth for their attack surface.
Continuous Asset Discovery
This component delivers continuous External Attack Surface Management (EASM), automatically discovering and inventorying all public-facing assets like domains, subdomains, and cloud resources. It monitors the entire DNS footprint for changes, providing comprehensive asset discovery and risk prioritization across your digital exposure.
In-Depth Web Application Testing
The dynamic application security testing (DAST) engine rigorously checks custom-built web applications for critical, exploitable vulnerabilities. It leverages advanced crawling and fuzzing techniques to maintain state and authenticate, ensuring deep, comprehensive assessment even within complex web applications.
Dynamic API Vulnerability Assessment
This feature focuses on dynamic, security-led assessment of modern APIs exposed via the external attack surface. It uses proprietary fuzzing and real-world payloads to confirm API vulnerabilities with high fidelity. It supports continuous assessment, providing actionable findings for AppSec teams integrated into development workflows.
Subdomain Takeover Prevention
This specialized monitoring capability continuously scans DNS records to identify and alert on domains susceptible to subdomain takeover attacks. It helps organizations eliminate a critical and common attack vector, providing domain-specific insights and clear remediation guidance to protect brand reputation and user trust.
Pros And Cons of Detectify
Pros
- Crowdsourced ethical hacking finds zero-days with speed and broad coverage
- Payload-based testing confirms exploits, reducing noise and false positives
- Offers full visibility of the external attack surface, including shadow assets
Cons
- Unfiltered alerts may overwhelm teams with low-priority exposure noise
- Scaling across many sites requires costly, high-tier pricing plans
Detectify Reviews
Total 13 reviews
4.2
All reviews are from verified customers
Rating Distribution
- 5 Stars: 54%
- 4 Stars: 15%
- 3 Stars: 23%
- 2 Stars: 8%
- 1 Star: 0%
Mid Market, 101-500 employees
“Integrates well with other tools”
Pros
The dynamic application security testing capabilities really stand out to me. It works well for teams looking to expand their security testing without dealing with complex configurations. Setting it up and customizing it is easy plus it integrates smoothly into our existing workflows.
Cons
The tool has some real gaps that need addressing. One major issue is the poor GraphQL support. It really struggles with mutations and queries. What bothers me most is how unclear the spidering results are. Sure, the crawling feature works but you never really know if it actually covered your entire application properly since there's barely any detail about what it found or missed during the process.
Rating Distribution
- Ease of use: 6
- Value for money: 6
- Customer Support: 9
- Functionality: 6
Small Business, 11-50 employees
“complex set up”
Pros
I really appreciate how comprehensive this tool is. There are so many security testing features available. I love that I can tailor everything to fit exactly what I need. The documentation is top-notch too giving clear guidance on fixing any issues that come up.
Cons
Since it's automated it doesn't provide the insights that a human tester would catch. The pricing can get high when you're testing multiple sites and the initial setup process is pretty complex.
Rating Distribution
- Ease of use: 7
- Value for money: 6
- Customer Support: 9
- Functionality: 7
Small Business, 1-10 employees
“Saves a lot of time”
Pros
The automated vulnerability testing is a huge time-saver for our team. We don't have to manually track dependencies anymore which frees us up for other tasks.
Cons
The pricing structure got pretty confusing lately and it's just not competitive anymore for smaller site scans.
Rating Distribution
- Ease of use: 9
- Value for money: 7
- Customer Support: 10
- Functionality: 9
Frequently Asked Questions
Does Detectify offer an API?
Yes, Detectify software offers an API.
What language does Detectify support?
Detectify supports English for its user interface, console, and vulnerability reporting.
What types of pricing plans does Detectify offer?
Detectify offers three main pricing plans: Surface Monitoring at €302/month for up to 25 subdomains, Application Scanning at €90/month for one domain, and API Scanning at €90/month for one API. Contact us to get a Detectify cost quote.
What level of support does Detectify offer?
The subscription includes access to an extensive knowledge base, documentation, and technical assistance via email and dedicated support channels for enterprise users.
Does Detectify have a mobile app?
No, Detectify does not offer a mobile app.
What other apps does Detectify integrate with?
Detectify integrates with popular collaboration and security tools, including Jira, Slack, OpsGenie, Splunk, and Microsoft Teams, enabling streamlined vulnerability reporting and response workflows.
Who are the typical users of Detectify?
Detectify is designed for startups to large enterprises in industries such as software, IT services, financial services, e-commerce, media, and telecommunications, where monitoring and securing web-facing assets is critical.
