On behalf of the whole team here at AppCheck, we would like to take this opportunity to welcome you as a new customer.
AppCheck is a powerful platform for your Application, API and Infrastructure scanning; vulnerability management, and more.
Follow the steps in this guide to learn the basics of AppCheck and begin your onboarding journey.
1. Access the AppCheck Portal
Ensure you have access to the AppCheck portal at https://scanner.appcheck-ng.com.
You should be able to log in using your email address. If you have not received an account activation link, or it has expired, click Forgotten your password? to send a new activation email.
The fist time you log in you will be prompted to add AppCheck to an authenticator app for Multi-Factor Authentication (MFA). AppCheck supports the standard Time-Based One-Time Password (TOTP) system, so any popular authenticator app should work.
2. Take a quick look around your dashboard
Your personal Dashboard is the first page you see when you log in to the Portal. Take a quick look around: you'll see some Portlets, Alerts and a News section. The Help Menu ("?" mark at the bottom-right corner) will tell you more about each of these sections.
Optional: Install an AppCheck Private Scan Hub
AppCheck offers a Private Scan Hub solution for running scans from within your own infrastructure. If you have purchased this package, install this now:
If you have not purchased an AppCheck Private Scan Hub but you think you may need one, discuss this with your Onboarding Consultant in the meeting you'll book at the end of this process. They will be able to confirm if this would suit your use case, and direct you to your account manage if it is required.
3. Add Targets to your account's Target Scope
Assets you scan in AppCheck are known as Targets. Before you can scan a target, it must be added to your Target Scope. You can view your current Target Scope by selecting it from the main menu, and add new items by clicking Add Scope on the top right and following the wizard.
Add your initial targets now. You can add more later.
4. Allow AppCheck access to your Targets.
You can achieve more thorough scanning by ensuring that the scanner does not experience interference from your security systems. This involves adding the IP addresses of the scan hubs (found here for AppCheck's public scan hub; for private scan hubs use their internal IP address) to the allow-list in your defensive systems.
It is possible to scan without performing these steps, but many underlying vulnerabilities may go undiscovered as a result.
For more information please read Allowing AppCheck Access to Your Network and Applications.
5. Set up basic scans
To begin, we recommend setting up a basic scan of both a web application and an infrastructure target. Follow these guides up to and including Basic Settings.
If you wish you can also investigate advanced options such as scan authentication, or API scanning, though doing so will be easier after you have had your first Onboarding Meeting with your Hypercare Consultant.
6. Book a Meeting with your Onboarding Consultant
Go ahead and schedule your first onboarding call using our Booking Calendar. Time slots are selected on a first‑come, first‑served basis, so booking ahead helps you secure the time that works best for you.
The booking must be made by an authorized person. If you wish to authorize additional people you can create accounts for them in the AppCheck portal (see: Users and Users Groups), or reply to the "Welcome to AppCheck" email to provide us with their details in advance. Once the meeting has been booked you can share a link with other people; if an unauthorized person wishes to join the meeting then an authorized person will need to be present to grant permission.
During the live onboarding calls, we can review the following topics:
-
Authenticated Web Application Scanning and GoScript
Requirements: A valid target URL and a set of test login credentials. -
REST API Scanning
Requirements: A Swagger/OpenAPI definition file (JSON or YAML) that includes details about API endpoints, request methods, and parameters. -
Scan Health Check, Vulnerability Management, and Reporting
Overview of scan performance and key outputs, best practices for managing identified vulnerabilities, and guidance on reporting capabilities.
If you run into any technical issues, the AppCheck Technical Support team is ready to help, just let us know by completing the contact form.
We look forward to meeting you!
Comments
0 comments
Article is closed for comments.