Scan Recommendations and Asset Classification

Detectify's domain classification organizes your attack surface and helps you understand what types of assets you have. With 9 out of 10 valuable web apps missing Application Scanning, this is especially important for breaking through the illusion of coverage and ensuring that you know which of your web apps are the important ones, so that their vulnerabilities can be identified and fixed. Built on top of Surface Monitoring, Detectify's classification goes beyond high-value rich web apps and classifies all of your HTTP web assets.


Asset classes

For now, only HTTP assets are classified. Detectify mimics a browser's behavior and reports what a browser would see. This means that the response over HTTPS takes priority over the response over HTTP. The classes that your assets are categorized into are:


Redirects

  • 3xx External Redirect - These redirects take the client outside the domain it started on, e.g. "example.com/" redirects to "blog.example.com".
  • 3xx Internal Redirect - These redirects take the client to a different path on the same domain, e.g. "example.com/" redirects to "example.com/login".


HTTP errors

  • 4xx Client Error - HTTP status codes signaling that the request failed due to an issue on the client's side. Examples: 403 (Forbidden), which could indicate missing authentication or the client being blocked by a WAF, or 404 (Not Found), meaning the specific page might not exist. The problem is with the request, not the server.
  • 5xx Server Error - HTTP status codes signaling that the server encountered an unexpected condition that prevented it from fulfilling a request that appeared to be valid. The issue is on the server's side, not with the client's request. Examples include 500 (Internal Server Error) and 503 (Service Unavailable). The server is aware it erred or is incapable of performing the request.


Other web applications

  • Misc Webapp - Small HTML applications that return a 200 response with a body shorter than 100 characters. Typically these are unfinished sites (for example a page saying "Hello World"), sites where the client is blocked and receives only a short block message, or sites returning a default configuration page.
  • API - These are domains used for accessing an API. These serve content such as JSON, XML, or plain text.


Web applications

  • Basic Webapp - Web applications that, unlike Misc Webapps, serve real content, but are more basic in terms of functionality: the kinds of JavaScript they use, forms, cookie consent, analytics tools, etc. A site serving static HTML content is a typical example.
  • Rich Webapp - Web applications that are richer than Basic Webapps. They typically contain lots of JavaScript; software for things such as cookie consent, analytics tools and marketing tools; security headers; and a lot of content.
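As an added example (not Detectify's own code), here are the classification rules described above expressed as a small Python function, including the browser-like preference for the HTTPS response. The article only gives qualitative criteria for the Rich/Basic split, so the script-count and body-length thresholds and the security-header names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Assumed thresholds: the article says only "lots of JavaScript" and "a lot of content".
RICH_SCRIPT_MIN = 5
RICH_BODY_MIN = 5000
# Content types the article lists for API assets.
API_TYPES = ("application/json", "application/xml", "text/xml", "text/plain")
# Assumed set of headers used as a proxy for "security headers".
SECURITY_HEADERS = ("content-security-policy", "strict-transport-security", "x-frame-options")


@dataclass
class Response:
    """A minimal captured HTTP response (constructed sample data in the tests)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name: str) -> str:
        # Case-insensitive header lookup; returns "" when absent.
        return next((v for k, v in self.headers.items() if k.lower() == name), "")


def classify(host: str, https: Optional[Response], http: Optional[Response]) -> str:
    # Mimic a browser: the HTTPS response takes priority when one exists.
    r = https if https is not None else http
    if r is None:
        return "No HTTP response"  # assumed label; not one of the article's classes
    if 300 <= r.status < 400:
        # A Location that points at another hostname leaves the domain we started on.
        target = urlparse(r.header("location")).hostname
        if target and target.lower() != host.lower():
            return "3xx External Redirect"
        return "3xx Internal Redirect"
    if 400 <= r.status < 500:
        return "4xx Client Error"
    if 500 <= r.status < 600:
        return "5xx Server Error"
    # Assumed ordering: check the content type before body length so a tiny JSON reply is still an API.
    ctype = r.header("content-type").split(";")[0].strip().lower()
    if ctype in API_TYPES:
        return "API"
    if len(r.body) < 100:
        return "Misc Webapp"
    scripts = r.body.lower().count("<script")
    has_security_headers = any(r.header(h) for h in SECURITY_HEADERS)
    if scripts >= RICH_SCRIPT_MIN and (has_security_headers or len(r.body) >= RICH_BODY_MIN):
        return "Rich Webapp"
    return "Basic Webapp"
```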


Recommendation of what to scan with Application Scanning

Application Scanning is built to dig deep into your complex web applications. It crawls to find every page; it goes behind authentication with powerful tools like Recorded Login; it fuzzes and sends payloads testing for thousands of vulnerabilities. It is perfect for your Rich Webapps.


How it works

The classification is built on top of Surface Monitoring and uses the reconnaissance data it has already collected. Thus, it uses the same IPs and user agents that Surface Monitoring uses; see this article for details on which IPs and user agents are used, so that you can ensure our requests are allowed through your firewalls: https://support.detectify.com/support/solutions/articles/48001049001-how-do-i-allow-detectify-to-scan-my-assets-.