Checksum Security Scanner

A learning cloud based security scanner

Security tests right in your browser

Checksum is a chrome extension that checks your web app for security vulnerabilities. You just need to go to your web app and test your features. We will record the process and even the network API calls made during the whole process and send it over to our cloud servers for processing.
You get an alert mail when the tests are complete. After fixing the issues, you just need to replay your last recorded process to verify if the issues discovered last time have been fixed or not. You can even rerun these checks periodically from our dashboard. Later, when you create new feature, just add a recording of it’s usage via our extension and you are good.

In case of proxies or installable scanners, you need to install a certificate before you can get the HTTPS data for analysis. Using a chrome extension bypasses this hurdle.
We can reuse the authentication token/cookie the browser receives after you login to your web app using your test account for crawling your website automatically. No need to provide authentication details and URLs to us.
If you are a startup or a fast moving company, checksum ensures you do security sanity checks quickly before releasing your product, for every release.

Security as simple as browing the web

Install the extension, browse to your web app/API explorer, login and use the features you want to check and our extension will smartly figure out the vulnerabilities and show they by order of importance. You can also use our spider mode (like other security scanners) to automatically crawl your app and discover links but it would be less effective and might not cover all your API endpoints.

Apart from the SQL injection, XSS, CSRF issues shown by traditional scanners, we also detect issues like use of vulnerable JS libraries, data leak due to improper authorization, missing secure HTTP headers and logical vulnerabilities like reset password token expiration, poorly designed OTP systems, exposed ports and software like Redis, elasticsearch on current machine etc. We intend to mostly focus on logical vulnerabilities automation.

Continuosly updated with new checks

With an ever increasing repository of public and privately known vulnerabilties, you are assured of checks against all known vulnerabilites and more.

Checksum automates known CVEs, and based on our own research automates the most commonly occuring vulnerabilites across some of the most popular applications.