Detectify raises €5M for its crowdsourced website vulnerability scanner

Sweden-based Detectify, which offers a website vulnerability scanner that is in part powered by the crowd, has raised €5 million in new funding. The round was led by New York-based venture capital and private equity firm, Insight Venture Partners. Existing investors, Paua Ventures and Inventure, also participated.

Founded in late 2013 by a self-described group of “white-hat hackers” from Sweden, the now 20-person-strong company offers a website security tool that uses automation to scan websites for vulnerabilities to help customers (i.e. developers) stay on top of security. The more distinctive part of the service, however, is that it is in part maintained, or rather kept up to date, via the crowd in the form of Detectify’s ethical hacker network.

This sees top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in customers’ security tests. The really clever part is that researchers get paid every time their submitted module identifies a vulnerability on a customer’s website. In other words, incentives are always kept aligned, giving Detectify a potential advantage and greater scale compared to similar website security automation tools.

“Companies are building applications and users happily enter their data into these applications, but the applications are built from a mix of technologies that are changing rapidly (open source, plugins, funky js-frameworks), without a clear vendor “responsible” for the security,” says Detectify co-founder and CEO Rickard Carlsson, explaining the problem the startup set out to solve.

“As no clear vendor is responsible for communicating about security [as compared to a Windows patch, for example], the knowledge sits in the community. We wanted to build a platform that takes the knowledge from white-hat and supercharges it with automation”.

Put more simply, developers typically have a long backlog of things to do and security testing often “falls between the cracks” because of limited time. It’s also near-impossible for any single developer to manually security test their code while keeping up with the latest vulnerabilities. By using automation, the wisdom of the crowd, and via integrations with popular developer tools, Detectify aims to help catch security issues before every new release and as part of a developer’s normal workflow.

To that end, Detectify already counts customers spanning a range of industries and company sizes, including Trello, Le Monde, and King. “It might have been easier to target a specific segment but we have a land and expand strategy. We also aim to make the internet a safer place, hence we want to offer our solution to organisations of all sizes,” says Carlsson.

Meanwhile, he does concede that automated vulnerability scanning tools aren’t new, but says one key difference is that the Detectify team comes from the world of ethical hacking instead of the world of compliance. “Our tool offers a great UI/UX, high-quality results and the latest security tests thanks to our crowdsourcing,” he adds.