Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Detectify is a cybersecurity product focused on application security testing and attack surface management. Based on the crawled page content, its core positioning is “Application security testing reimagined.” It uses DAST (Dynamic Application Security Testing) methods to discover, classify, and scan all assets across the attack surface, covering domains, applications, and APIs. Its tagline, “Go hack yourself,” also suggests that the product leans more toward proactive testing and exposure validation rather than traditional perimeter defense.
In terms of protection type, Detectify mainly falls under application security testing, web attack surface scanning, and DAST tooling. It is suitable for dynamic testing of internet-facing assets that are already live. The page explicitly mentions “Discover, classify, and scan all assets,” indicating that it is not only a vulnerability scanner but also emphasizes asset discovery and classification. This can be valuable for organizations with a large number of domains, subdomains, web applications, and APIs.
However, the current text does not explain the deployment model, such as SaaS, self-hosted deployment, proxy nodes, or local scanners. It also does not disclose details about compliance certifications, reporting capabilities, alerting channels, permission management, ticket workflows, or integrations with CI/CD, SIEM, Slack, Jira, and similar platforms. Therefore, its enterprise operational maturity should be assessed with caution.
The crawled content does not include information about pricing models, plans, trials, or asset-based billing, so its cost-effectiveness cannot be accurately evaluated. Judging only from its positioning, it is better suited for security teams, DevSecOps teams, or enterprises with many internet-exposed assets that need continuous external attack surface identification and scanning for web applications and APIs. For a small website that only needs a one-off vulnerability assessment, whether it is worthwhile still depends on the actual quote.
Its strengths are a clear positioning around three key asset categories—domains, applications, and APIs—and the use of DAST methods, making it suitable for finding security issues in running applications. Asset discovery, classification, and scanning together form a relatively complete attack surface testing workflow.
The downside is that the publicly available text provides very limited information. It lacks details on deployment, integrations, alerting, compliance, and support, and it is not possible to judge its false-positive control, scan depth, API testing capabilities, or report quality.
Access from mainland China is unknown, and payment methods are not disclosed. If the buyer plans to use it in mainland China, it is advisable to first verify website accessibility, scanning node connectivity, cross-border data requirements, and available payment methods. If there are network or compliance limitations, localized web vulnerability scanning, attack surface management, or cloud security vendor solutions can also be evaluated as alternatives.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on detectify.com official site.
detectify.com is an Sweden Security provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach detectify.com directly.