Knowledge Base
Everything you need to know about using APVISO for autonomous penetration testing. Browse by category or search for specific topics.
Getting Started
Learn the basics of APVISO
Quick Start Guide
Get up and running with APVISO in under ten minutes — from sign-up to your first vulnerability report.
How APVISO Works
Understand how APVISO's four AI agents work together to deliver thorough penetration testing with real-time results.
Your First Scan Walkthrough
A detailed, step-by-step guide covering exactly what to expect at every stage of your first APVISO scan.
Targets & Verification
Managing scan targets and ownership verification
Adding Scan Targets
How to add a domain or IP address as a scan target, including validation rules and what happens after creation.
Verifying Target Ownership
Step-by-step instructions for the three verification methods: DNS TXT record, file upload, and meta tag.
Domain Connect Verification
Use the Domain Connect protocol to verify ownership automatically without manually editing DNS records.
Authenticated Scanning
Configure authentication so APVISO can test pages and API endpoints behind login — supporting bearer tokens, cookies, API keys, and more.
Scanning
Running and managing penetration test scans
Starting a Scan
How to initiate a scan, choose a model preset, and understand what each preset means for depth and credit cost.
Understanding Scan Statuses
What each scan status means and what actions are available at each stage.
Retesting Findings
How to verify that vulnerabilities have been fixed by running targeted retests against specific findings.
Scheduled Scans
Set up recurring scans on a daily, weekly, biweekly, or monthly schedule to maintain continuous security coverage.
Findings & Reports
Understanding vulnerabilities and reports
Understanding Findings
What severity levels mean, how findings are structured, and how to interpret CWE/CVE references and compliance mappings.
Managing Finding Status
Track remediation progress using the finding status workflow — from open through to fixed, accepted risk, or false positive.
Scan Reports
How reports are generated, what they contain, and how to download them as Markdown or PDF.
Billing & Plans
Subscription plans, credits, and payments
Subscription Plans
Compare the four APVISO subscription tiers — Starter, Professional, Business, and Enterprise — and understand what each includes.
Understanding Credits
How the credit system works, what each model preset costs, and when credits reset.
Pay-As-You-Go Scanning
Use PAYG to scan beyond your subscription credits or to pay per scan without a subscription.
Managing Your Subscription
How to upgrade, downgrade, or cancel your plan, access the Stripe customer portal, and view invoices.
Integrations
Connect APVISO with your existing tools
Integrations Overview
An overview of APVISO's 40+ integration options, supported event types, and tier availability.
Setting Up Integrations
The generic flow for connecting any integration: select a provider, configure credentials, choose events, and test.
Webhook Integration
Set up custom webhooks to receive APVISO events at any HTTPS endpoint with signed payloads and automatic retries.
Compliance
Security frameworks and compliance tracking
Compliance Overview
Supported compliance frameworks and how APVISO maps findings to framework controls automatically.
Compliance Posture & Scoring
How posture scores are computed, how control assessments work, and how to track remediation velocity over time.
Trust Badges
Create and embed public trust badges on your website to demonstrate your security posture to customers.
API & MCP
Programmatic access and AI assistant integration
Generating API Keys
How to create and manage API keys for programmatic access to the APVISO API.
API Rate Limits
Understand APVISO's API rate limits, how to monitor usage via response headers, and how to handle 429 responses.
MCP Server Setup
Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more.
Account & Security
Account settings, 2FA, and security