Knowledge Base
Everything you need to know about using APVISO for autonomous penetration testing. Browse by category or search for specific topics.
Getting Started
Learn the basics of APVISO
Quick Start Guide
Get up and running with APVISO in under ten minutes — from sign-up to your first vulnerability report.
How APVISO Works
Understand how APVISO's four AI agents work together to deliver thorough penetration testing with real-time results.
Your First Pentest Walkthrough
A detailed, step-by-step guide covering exactly what to expect at every stage of your first APVISO pentest.
Targets & Scope
Managing pentest targets and runner reachability
Adding Pentest Targets
How to add a domain or IP address as a pentest target, including validation rules and what happens after creation.
Deprecated Target Verification
Historical note for DNS, file, and meta-tag ownership verification.
Domain Connect Verification
Historical note for the retired Domain Connect ownership verification flow.
Authenticated Pentesting
Configure authentication so APVISO can test pages and API endpoints behind login — supporting bearer tokens, cookies, API keys, and more.
Pentesting
Running and managing penetration test pentests
Starting a Pentest
How to initiate a pentest, choose a pentest package, and understand what each package means for depth and runtime.
Understanding Pentest Statuses
What each pentest status means and what actions are available at each stage.
Retesting Findings
How to verify that vulnerabilities have been fixed by running targeted retests against specific findings.
Scheduled Pentests
Set up recurring pentests on a daily, weekly, biweekly, or monthly schedule to maintain continuous security coverage.
Findings & Reports
Understanding vulnerabilities and reports
Understanding Findings
What severity levels mean, how findings are structured, and how to interpret CWE/CVE references and compliance mappings.
Managing Finding Status
Track remediation progress using the finding status workflow — from open through to fixed, accepted risk, or false positive.
Pentest Reports
How reports are generated, what they contain, and how to download them as Markdown or PDF.
Billing & Plans
Subscription plans, runner capacity, and payments
Subscription Plans
Compare the APVISO plans — Pay per pentest, Launch, Team, Partner, and Enterprise — and understand what each includes.
License Usage
How self-hosted license state, runner health, and target visibility control pentest starts.
Pay Per Pentest
How the pay-per-pentest base tier works, including the automatic refund for empty or errored pentests.
Managing Your Subscription
How to upgrade, downgrade, or cancel your plan, access the Stripe customer portal, and view invoices.
Integrations
Connect APVISO with your existing tools
Integrations Overview
An overview of APVISO's 40+ integration options, supported event types, and tier availability.
Setting Up Integrations
The generic flow for connecting any integration: select a provider, configure credentials, choose events, and test.
Webhook Integration
Set up custom webhooks to receive APVISO events at any HTTPS endpoint with signed payloads and automatic retries.
Compliance
Security frameworks and compliance tracking
Compliance Overview
Supported compliance frameworks and how APVISO maps findings to framework controls automatically.
Compliance Posture & Scoring
How posture scores are computed, how control assessments work, and how to track remediation velocity over time.
Trust Badges
Create and embed public trust badges on your website to demonstrate your security posture to customers.
API & MCP
Programmatic access and AI assistant integration
Generating API Keys
How to create and manage API keys for programmatic access to the APVISO API.
API Rate Limits
Understand APVISO's API rate limits, how to monitor usage via response headers, and how to handle 429 responses.
MCP Server Setup
Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more.
Account & Security
Account settings, 2FA, and security