Automated Penetration Testing

Q: Does your vulnerability scanner include authenticated areas of a web app?

Yes, you can carry out authenticated web application scans with Intruder. Perform thorough reviews of your modern web applications and websites, including single page applications (SPAs), to identify dangerous bugs which could have a severe business impact if not resolved. To learn more, visit here .

Intruder is an automated vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

Try for free

Get a demo

Join thousands of companies worldwide protecting their attack surface

What is automated penetration testing?

To explain automated penetration testing, first we must briefly explain penetration testing. A penetration test is a process where a skilled security tester attempts to find weaknesses, and breach the security of your systems. An automated penetration test is just an automated version of this, right?

Well, yes, sort of! In reality penetration tests involve a range of activities, some of which are manual and some of which can and should be automated. For example, when guessing passwords, a human tester might look at the individuals in a company, and tailor some of their guesses based on birthdays or pets’ names found online; they might even manipulate the company name or office address in the hope it might yield something interesting. However, when it comes to detecting known software flaws – like a server that’s missing security patches, common passwords, or unintended exposure to the internet – this can and should be automated. The tools that find these flaws are actually used by penetration testers, and so are sometimes called automated pen-testing tools, or online penetration testing tools, but are most commonly known as vulnerability scanners.

Historically, penetration tests were usually carried out once or twice per year. However, as the prevalence of automated attacks increases, businesses can no longer afford to rely on one or two check-ups per year. As a result, they are looking for more automated penetration testing tools (which we now know are also called vulnerability scanners). Intruder is an example of a vulnerability scanner, offering year-round protection from opportunistic attackers.

Online penetration testing tool  to detect the latest weaknesses

Intruder works seamlessly with your technical environment to test your systems for security from the same perspective (the internet) as the people who are looking to compromise it, using industry leading penetration testing software (software used by penetration testers) under the hood. While there are a few options available for using online penetration testing tools, Intruder is designed to be simple and fast, so you can get set-up and protected in little to no time.

What's more, Intruder includes Emerging Threat Scans, which proactively check your systems for newly discovered vulnerabilities soon after they are disclosed. It may not be a fully automated penetration test, but it certainly is like having an automated penetration tester watching over your systems! This feature is just as valuable to small businesses as it is to large enterprises as it mitigates the manual effort required to stay abreast of the latest threats. Protecting your systems is a far less daunting task when you have an automated tool monitoring between manual assessments.

A quality automated testing tool

Intruder uses the same underlying scanning engine that the big banks do, so you can enjoy high quality automated security checks, without the complexity. As part of our commitment to simplicity, we use a proprietary noise reduction algorithm which separates the informational from the actionable – so you can focus on what really matters to you and your business.

Intruder ensures that your systems are being continuously monitored for a spectrum of vulnerabilities, including web-layer security problems (such as SQL injection and cross-site scripting); infrastructure weaknesses (such as remote code execution flaws); and other security misconfigurations (such as weak encryption, and services that are unnecessarily exposed). A comprehensive list of all ~150,000 checks can be found in the Intruder portal.

Intruder finds attack surface issues such as exposed databases and admin panels.

Simple, seamless and effective

Scan results from other automated security testing tools can be challenging for those who are new to the world of security. Conversely, Intruder’s reports are easy to navigate, interpret and action — offering context for what could really happen if the issues we find were exploited. Moreover, the language we use deliberately strikes a careful balance between concise and coherent (for the less tech-savvy), but thorough enough that the team responsible for remediation have everything they need to ensure your systems remain secure.

For this reason, using Intruder could be compared to having had an automated penetration test — as what penetration testers often do is take the results from a vulnerability scanner, interpret them by filtering out the noise, and present them in a more readable way. Exactly what we do, but in an automated way.

Make continuous penetration testing a reality

Want to find weaknesses that evade the capabilities of automated tools? Intruder’s expert team proactively seek out weaknesses within the assets under the protection of the Vanguard solution — even closer to what you might want from an automated penetration test. Our team will analyze your scan results considering the business context of each vulnerability; reducing the number of false positives and finding dangerous vulnerabilities that are not apparent to automated scanners.

Using clever automation, we make it possible to do this year-round, so that automated penetration testing dream is one step closer to reality.

Bug bounty finds issues such as Subdomain takeover and exposed credentials

Our customers think we're excellent

Rated 4.8 out of 5 with over 140 reviews

"Intruder helps to build more proactive, secure, and agile IT teams. It provides a huge benefit in proactive change detection, where it will advise when new instances or hosts are detected as well as any vulnerabilities that it may have."

Ben Camilleri

CTO at Westhaven Association

"Intruder is easy to use and to setup. We had an external pen test done, and I could compare the result and it was more extensive than the result we had. Nothing was missed! So easy to use and reliable."

Fred Kramer

Managing director at pLAN8 C&D BV

"Intruder doesn't waste any time getting to the bottom of your issue, providing you with examples, and best steps for remediation. Super-fast response and quick resolution."

Ethan Brush

Information Technology Project Engineer at Citara Systems

"Convenient but thorough vulnerability testing wrapped in an affordable package! Remediation instructions are excellent and easy to follow. Emerging threat scans may prove critical."

Roy McKenzie

Director of Information Technology at G&S Foods LLC

"Intruder is thorough, reliable and regular. It gives me peace of mind that we are being tested regularly to a high standard, which in turn gives my customers peace of mind."

Oliver Stanley

CEO at Kudocs Ltd

"Intruder’s Customer Support and Product teams cannot be beaten. Customer support is always reachable in a short amount of time and professional. The Product Team has a feedback forum where end-users can discuss and vote on product enhancements."

Stephen Dufour

Chief Information Security Officer, Embold Health

"As an MSP / MSSP focused on the SMB marketplace, finding easy-to-use, cost-effective, and robust tools is hard to come by. Intruder has allowed us to layer on external and internal vulnerability scanning at scale to our entire client base."

Matthew Rydzfski

Partner and Solutions Engineer at PremierePC Technology Group

"As an organisation expands, ensuring the security of all digital assets from the moment of their deployment can be a daunting task for a CISO. Intruder has been invaluable in providing me with the confidence that our digital assets are securely configured and monitored against potential cyber threats."

Christopher Spencer

Group Chief Information Security Officer, Globalreachtech

Should I do manual or automated penetration testing?

To achieve a robust level of security, we recommend performing both manual and automated penetration testing (more commonly known as vulnerability scanning). The automated tools provide continuity of security and speed whereas humans excel at finding more complex vulnerabilities, so you will benefit from combining the two. Read our blog to find out more about the differences.

How long does a vulnerability scan take?

The vulnerability scans can take anywhere from 15 minutes to several hours to complete, depending on your systems and their setups. Read our help article for more information.

What type of penetration testing should I perform?

There are many types of services on the market, such as network, web application, and automated penetration testing. If you’re not sure where to start, we’d recommend reading this article to find out which one is right for you. Or contact us for support, we would be more than happy to help!

Does your vulnerability scanner include authenticated areas of a web app?

Yes, with Intruder you can carry out authenticated web application scans. Perform thorough reviews of your modern web applications and websites, including single page applications (SPAs), to identify dangerous bugs which could have a severe business impact if not resolved.

Do you offer manual penetration testing services?

In addition to fully automated scanning, we have a team of certified penetration testers at Intruder who can find complex issues beyond immediately available scan results as part of our Private Bug Bounty service.

Is penetration testing the same as vulnerability scanning?

The term “penetration testing” typically represents a manual process by which a cyber security professional attempts to uncover weaknesses in your IT infrastructure. In contrast, vulnerability scanning is automated, which means that you can run periodic scans on your systems as often as you need to, in order to avoid being breached. It is also worth noting that vulnerability scanning is often the first step performed by penetration testers to determine the overall state of your systems before proceeding with more in-depth manual reviews. Read our blog to find out more about the differences.