Detectify Asset Classification and Scan Recommendations improves vulnerability testing


Detectify announced new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and deliver recommendations on where to run DAST, helping organizations bridge the gap between broad and deep vulnerability testing across their entire attack surface.

Security teams know they must test their main applications, but they often wonder which other assets to cover. Detectify reveals a significant gap in web app testing: on average, organizations miss testing 9 out of 10 of their complex web apps. Alarmingly, over half of organizations miss all their valuable apps when getting started with scanning, reflecting their uncertainty about where to deploy scans.

This challenge affects organizations regardless of size; even those with fewer than 10 valuable web apps typically test only about 30% of them, and coverage declines as their attack surface increases, demonstrating a consistent struggle to scale AppSec testing on targets attractive to attackers.

Detectify’s newly announced capabilities address this challenge directly by integrating intelligence into its platform. This enables customers to easily identify and swiftly act on their complex web applications, seeing both the forest, which represents their entire attack surface, and the trees, symbolizing each web app. The new capabilities include:

  • Asset classification: Analyzes and categorizes all web assets discovered by Detectify, focusing on the presence of specific attributes that can indicate the purpose of each app (e.g., libraries, forms, body length, certain headers). This reflects insights from Detectify’s continuous monitoring with an approach that mimics attacker reconnaissance. As new web apps emerge without the security teams’ knowledge, this feature enables them to identify and categorize assets for further investigation and testing.
  • Scan recommendations: Provides intelligent suggestions for web apps to test based on their classification and attractiveness to attackers. It identifies which apps need thorough testing, particularly through deep crawling and fuzzing with DAST, utilizing insights from the Detectify Crowdsource community of ethical hackers and AI-driven assessments from Detectify Alfred.

“It’s time to break the illusion of coverage. Attackers thrive on the discrepancy between what you believe you’re exposing and what you’re actually exposing,” said Rickard Carlson, CEO at Detectify. “The days of blindly deploying DAST and chasing shadows are over. We are helping AppSec teams direct their resources toward protecting the targets that actually matter.”

These capabilities enable AppSec teams to allocate resources confidently, shifting focus from manually guessing what to test, to automatically knowing where the highest risks lie. Organizations can now focus deep DAST scanning efforts where they’ll have the most impact while maintaining broad dynamic coverage over their complete attack surface. Scan Recommendations and Asset Classification are being rolled out to Detectify customers in the coming weeks.


