Knowledge Base - apviso [APVISO](/)Product

Resources

Developers

Company

[Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise)

[Login](/login)[Start free pentest](/register?intent=free-local-pentest)

[Login](/login)[Start free](/register?intent=free-local-pentest)

[Home](/)Knowledge BaseKnowledge Base
==============

Everything you need to know about using APVISO for autonomous penetration testing. Browse by category or search for specific topics.

[API Reference →](/docs/api)[MCP Server Docs →](/docs/mcp)

Getting Started
---------------

Learn the basics of APVISO

[### Quick Start Guide

Get up and running with APVISO in under ten minutes — from sign-up to your first vulnerability report.](/docs/quick-start-guide)[### How APVISO Works

Understand how APVISO's four AI agents work together to deliver thorough penetration testing with real-time results.](/docs/how-apviso-works)[### Your First Pentest Walkthrough

A detailed, step-by-step guide covering exactly what to expect at every stage of your first APVISO pentest.](/docs/first-scan-walkthrough)

Targets &amp; Scope
-------------------

Managing pentest targets and runner reachability

[### Adding Pentest Targets

How to add a domain or IP address as a pentest target, including validation rules and what happens after creation.](/docs/adding-targets)[### Deprecated Target Verification

Historical note for DNS, file, and meta-tag ownership verification.](/docs/target-verification)[### Domain Connect Verification

Historical note for the retired Domain Connect ownership verification flow.](/docs/domain-connect-verification)[### Authenticated Pentesting

Configure authentication so APVISO can test pages and API endpoints behind login — supporting bearer tokens, cookies, API keys, and more.](/docs/authenticated-scanning)[### How to Pentest Localhost Before Launch

Use APVISO's Free Local Pentest workflow to review a localhost web app before launch.](/docs/how-to-pentest-localhost-before-launch)[### Free Local Pentest vs Free Website Security Scanner

Understand how APVISO's localhost-only free review differs from generic hosted website scanners.](/docs/free-local-pentest-vs-free-website-security-scanner)[### How to Pentest a Next.js, Rails, or Laravel App Locally

Prepare common web frameworks for a localhost APVISO Launch Review.](/docs/pentest-nextjs-rails-laravel-locally)

Pentesting
----------

Running and managing penetration test pentests

[### Starting a Pentest

How to initiate a pentest, choose a pentest package, and understand what each package means for depth and runtime.](/docs/starting-a-scan)[### Understanding Pentest Statuses

What each pentest status means and what actions are available at each stage.](/docs/scan-statuses)[### Retesting Findings

How to verify that vulnerabilities have been fixed by running targeted retests against specific findings.](/docs/retesting-findings)[### Scheduled Pentests

Set up recurring pentests on a daily, weekly, biweekly, or monthly schedule to maintain continuous security coverage.](/docs/scheduled-scans)[### OWASP ZAP vs APVISO Free Local Pentest

Compare a manual/proxy-first local ZAP workflow with APVISO's runner-driven free local Launch Review.](/docs/owasp-zap-vs-apviso-free-local-pentest)

Findings &amp; Reports
----------------------

Understanding vulnerabilities and reports

[### Understanding Findings

What severity levels mean, how findings are structured, and how to interpret CWE/CVE references and compliance mappings.](/docs/understanding-findings)[### Managing Finding Status

Track remediation progress using the finding status workflow — from open through to fixed, accepted risk, or false positive.](/docs/managing-finding-status)[### Pentest Reports

How reports are generated, what they contain, and how to download them as Markdown or PDF.](/docs/scan-reports)

Billing &amp; Plans
-------------------

Subscription plans, runner capacity, and payments

[### Subscription Plans

Compare the APVISO subscription tiers — Solo, Launch, Team, Partner, and Enterprise — and understand what each includes.](/docs/subscription-plans)[### License Usage

How self-hosted license state, runner health, and target visibility control pentest starts.](/docs/license-usage)[### Legacy Pay-As-You-Go

How legacy PAYG billing records relate to the current self-hosted license model.](/docs/pay-as-you-go)[### Managing Your Subscription

How to upgrade, downgrade, or cancel your plan, access the Stripe customer portal, and view invoices.](/docs/managing-subscription)

Integrations
------------

Connect APVISO with your existing tools

[### Integrations Overview

An overview of APVISO's 40+ integration options, supported event types, and tier availability.](/docs/integrations-overview)[### Setting Up Integrations

The generic flow for connecting any integration: select a provider, configure credentials, choose events, and test.](/docs/setting-up-integrations)[### Webhook Integration

Set up custom webhooks to receive APVISO events at any HTTPS endpoint with signed payloads and automatic retries.](/docs/webhook-integration)

Compliance
----------

Security frameworks and compliance tracking

[### Compliance Overview

Supported compliance frameworks and how APVISO maps findings to framework controls automatically.](/docs/compliance-overview)[### Compliance Posture &amp; Scoring

How posture scores are computed, how control assessments work, and how to track remediation velocity over time.](/docs/compliance-posture)[### Trust Badges

Create and embed public trust badges on your website to demonstrate your security posture to customers.](/docs/trust-badges)

API &amp; MCP
-------------

Programmatic access and AI assistant integration

[### Generating API Keys

How to create and manage API keys for programmatic access to the APVISO API.](/docs/generating-api-keys)[### API Rate Limits

Understand APVISO's API rate limits, how to monitor usage via response headers, and how to handle 429 responses.](/docs/api-rate-limits)[### MCP Server Setup

Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more.](/docs/mcp-server-setup)

Account &amp; Security
----------------------

Account settings, 2FA, and security

[### Two-Factor Authentication

Secure your account with TOTP-based two-factor authentication and recovery codes.](/docs/two-factor-authentication)[### Notification Preferences

Configure how and when APVISO notifies you — via email, Slack, webhooks, or in-app notifications.](/docs/notification-preferences)

[APVISO](/)Autonomous AI-powered penetration testing for modern web applications.

Subscribe

[](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/)

[![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso)

Product

- [Features](/#features)
- [Pricing](/pricing)
- [Integrations](/integrations)
- [Benchmarks](/#compare)
- [Affiliate Program](/affiliate)
- [Partners](/partners)
- [Enterprise](/enterprise)

Resources

- [Blog](/blog)
- [Use Cases](/use-cases)
- [Glossary](/glossary)
- [Comparisons](/comparisons)
- [Alternatives](/alternatives)
- [Compliance](/compliance)
- [Vulnerabilities](/vulnerabilities)
- [Industries](/industries)
- [OWASP APTS](/trust/apts)

Developers

- [Knowledge Base](/docs)
- [API Reference](/docs/api)
- [MCP Server](/docs/mcp)

Company

- [About](/about)
- [Contact](/contact)
- [Status](https://status.apviso.com)
- [Privacy Policy](/legal/privacy)
- [Terms of Service](/legal/terms)

© 2026 APVISO. All rights reserved.