Skip to content
Home DAST Tools AppCheck
AppCheck

AppCheck

Category: DAST
License: Commercial
Visit Website →
Suphi Cankurt
Suphi Cankurt
AppSec Enthusiast
Updated February 13, 2026
3 min read
Key Takeaways
  • Born as an internal penetration testing tool at SEC-1 (now Claranet Group), AppCheck detects 100,000+ known security flaws using browser-based crawling and dynamic fuzzing.
  • OSINT reconnaissance runs before active scanning — subdomain enumeration, tech fingerprinting, and certificate transparency log analysis widen the attack surface automatically.
  • GoScript Flows scripting language models multi-step user journeys including login sequences, form submissions, and business logic workflows for authenticated scanning.
  • VulnFeed vulnerability database updates hourly; licenses include unlimited scans and unlimited users. ISO 27001:2022 certified, UK-based.

AppCheck is a DAST platform that started life as an internal tool for penetration testers at SEC-1, now part of the Claranet Group. That origin shows in the product: it combines OSINT reconnaissance with browser-based crawling and dynamic fuzzing rather than relying on signature matching alone.

AppCheck vulnerability coverage showing detection across OWASP Top 10 categories

The platform scans web applications, APIs, and infrastructure using browser-based crawling and OSINT reconnaissance. ISO 27001:2022 certified, based in the UK.

Key Features

FeatureDetails
Vulnerability coverage100,000+ known security flaws
Crawling engineReal browser rendering (handles SPAs, AJAX, WebSockets)
OSINT reconSubdomain enumeration, tech fingerprinting, cert transparency logs
API testingOpenAPI/Swagger, GraphQL, SOAP
Custom workflowsGoScript Flows scripting language
Vuln databaseVulnFeed with hourly updates
Detection methodsDynamic fuzzing, out-of-band, IDOR detection
LicensingUnlimited scans and users per license
CertificationsISO 27001:2022
Browser-Based Crawling
Uses a real browser engine to render pages, execute JavaScript, and interact with SPAs built on React, Angular, or Vue. Finds endpoints that traditional HTTP-parsing crawlers miss entirely.
OSINT Reconnaissance
Before active scanning starts, AppCheck gathers intelligence on the target: subdomain enumeration, technology stack fingerprinting, certificate transparency log analysis, and DNS record inspection. This widens the attack surface before a single probe is sent.
GoScript Flows

A custom scripting language for modeling multi-step user journeys. Script login sequences, form submissions, and business logic workflows.

The scanner follows these scripts during testing to reach areas behind authentication or complex navigation.

AppCheck detection results showing vulnerability findings with severity ratings

VulnFeed Database

AppCheck maintains its own vulnerability database, VulnFeed, updated hourly with newly published vulnerabilities. This means the scanner picks up new attack vectors faster than tools that rely on monthly or quarterly signature updates.

Pentest-Grade Detection
In benchmark tests, AppCheck found every vulnerability identified by manual penetration testers plus three additional critical flaws. It completed the assessment in under half the time. The tool also generates proof-of-exploitation for confirmed findings.

Out-of-Band and IDOR Detection

AppCheck goes beyond standard request-response testing. The OWASP Testing Guide identifies out-of-band techniques as essential for detecting blind injection flaws.

AppCheck’s out-of-band detection catches vulnerabilities where the exploit triggers a callback to an external server rather than returning data in the HTTP response.

The scanner also automates IDOR (Insecure Direct Object Reference) detection, a class of access control flaws that most DAST tools skip.

Integrations

CI/CD & DevOps
Azure DevOps Azure DevOps
Jenkins Jenkins
TeamCity TeamCity

AppCheck also has an open API for custom build pipeline integrations.

Compliance Reporting

Reports map findings to specific compliance frameworks:

  • PCI DSS requirements
  • OWASP Top 10 coverage
  • CWE classification
  • Custom report templates
  • Executive summaries and technical breakdowns

Getting Started

1
Sign up — Create an account on the SaaS platform at appcheck-ng.com, or deploy the on-premises version in your own environment.
2
Add targets — Enter your web application domains, API endpoints, or internal infrastructure ranges. AppCheck handles both external and internal scanning.
3
Configure authentication — Set up login credentials or use GoScript Flows to script complex authentication sequences the scanner should follow.
4
Launch scan — Choose a scan profile and start. The OSINT phase runs first, followed by browser-based crawling and active vulnerability testing.
5
Review and export — Findings include severity ratings, proof-of-exploitation where available, and remediation guidance. Export as compliance reports or push to your issue tracker.
Best For
Organizations that want pentest-quality automated scanning with OSINT built in. The unlimited scans and users per license makes it cost-effective for larger teams. Good fit for UK-based companies needing data residency compliance.

Limitations

AppCheck is less well-known than Burp Suite or Acunetix, which means fewer community resources and third-party guides. The GoScript Flows scripting language has a learning curve if you need to model complex business logic. No free tier exists.

AppCheck is a DAST tool focused on web applications, APIs, and infrastructure. Pair it with SAST for source code analysis and manual testing for logic flaws that automated scanners cannot catch.

To understand how DAST complements other testing approaches, read our SAST vs DAST vs IAST comparison. Teams needing CI/CD-native scanning should also evaluate StackHawk or Bright Security.

Note: ISO 27001:2022 certified. Unlimited scans and users per license.

Frequently Asked Questions

What is AppCheck?
AppCheck is a UK-based DAST platform that grew out of a tool used internally by penetration testers at SEC-1 (now part of Claranet Group). It combines browser-based crawling with OSINT reconnaissance to scan web applications, APIs, and infrastructure.
Is AppCheck free or commercial?
AppCheck is commercial with both SaaS and on-premises deployment options. Licenses include unlimited scans and unlimited users, so pricing does not scale with team size or scan volume.
What vulnerabilities does AppCheck detect?
AppCheck detects over 100,000 known security flaws across OWASP Top 10 categories. It also uses dynamic fuzzing and out-of-band detection techniques to find zero-day vulnerabilities that signature-based scanners miss.
What is GoScript Flows?
GoScript Flows is AppCheck’s custom scripting language for modeling multi-step user journeys. You can script login sequences, form submissions, and business logic workflows that the scanner follows during testing.
How does AppCheck compare to manual penetration testing?
In benchmark tests, AppCheck found all vulnerabilities identified by manual penetration testers plus three additional critical flaws, and completed the assessment in under half the time.
How we review tools Suggest an edit

Other DAST Tools

Acunetix
Acunetix

Multi-Platform Easy-to-Use DAST

Astra Security
Astra Security

AI-Powered Continuous Pentest Platform

Beagle Security
Beagle Security

AI-Powered Pentesting Platform

Bright Security
Bright Security

Developer-First CI/CD DAST

Burp Suite
Burp Suite

Web Application Pentesting Toolkit

Dastardly
Dastardly

Free CI/CD DAST from PortSwigger

See all DAST tools

Complement with IAST

Pair dynamic testing with runtime instrumentation for broader coverage.

Contrast Security
Contrast Security

Runtime-Powered Application Security

Acunetix AcuSensor
Acunetix AcuSensor

Line-of-Code Details

See all IAST tools

Learn More

Free DAST Tools What is DAST?

Explore all DAST guides and tools