FAQ

General

Q. What is SecApps Lookout?

SecApps Lookout is an automated web application security scanning solution for continuous vulnerability assessments, monitoring and bug bounty hunting.

Q. What can I do with SecApps Lookout?

SecApps Lookout is best used as an automated web security assessment tool. It can be configured to scan a single target (deep scan) or many diverse targets (lightweight, wide-area scan). Unlike traditional web security scanners, Lookout can target thousands of targets simultaneously.

Q. Who are the main users of SecApps Lookout?

SecApps Lookout is designed to be used by small to large enterprises to supplement their web security scanning and bug bounty monitoring efforts. The output reports of the scans can be used as ISO271001 and SOC2 controls. If you have a bug bounty or a responsible vulnerability disclosure program, Lookout can provide continuous value to your Security and DevOps teams.

Q. What kind of output I can get with SecApps Lookout that I could not get with any other solution?

SecApps Lookout is a unique solution based on a proprietary web security scanning technology. We do not license our tools to other vendors.

Q. How do I interface with SecApps Lookout?

SecApps Lookout can be accessed by the Lookout application part of your Launchpad.

Q. How do I get started using SecApps Lookout?

It is straightforward to get started. All related resources and help materials are available online. The tool requires minimal initial user input. SecApps fully automates everything else.

Billing

Q. How much does SecApps Lookout cost?

Creating a Lookout instance does not cost anything. You pay what you use. Therefore the cost of SecApps Lookout largely depends on the type of utilization you require. You can find an example cost breakdown at SecApps Lookout's pricing page.

Q. How will I be charged and billed for my use of SecApps Lookout?

You get charged every time your Lookout instances are executed. All executions are accumulated in your monthly invoice. The invoice is billed against your credit card at the end of the month. It is also possible to pre-pay a credit that SecApps will use for executing your Lookout instances. Contact us for more information.

Q. Do your price include taxes?

Unless otherwise specified, all prices are exclusive of taxes.

Lookout

Q. What is a Lookout instance?

The Lookout instance is a single configuration of our internal web application security scanning and discovery engine.

Q. How many Lookout instances I can create?

You can create up to 1000 Lookout instances per account. SecApps can extend this limit per request.

Although it is possible to use a single Lookout instance for all work across several unrelated targets, you may want to use multiple configurations to extract more meaningful and specific information without the need to use filters.

Q. What does SecApps do with my Lookout instances?

SecApps is responsible for maintaining and running your Lookout instances per the defined schedule and configuration. SecApps does not use the data to form or influence other service offerings.

Q. How reliable are my Lookout executions?

Your Lookout executions are ultra-reliable and guaranteed to always run as per the defined scheduled interval and configuration. Instances are also continuously maintained and updated with more capabilities to reflect the ever-growing list of new attack techniques and vulnerabilities.

Q. How often my Lookout instances are executed?

By default, your Lookout instances are scheduled to run weekly as this provides the most value at a minimal cost. You can change the execution interval upon Lookout instance creation or subsequent edits. The execution interval can be set to "never" to stop the instance from running automatically.

Q. For how long my Lookout instances are executed?

Lookout instances are optimized to complete within 1-hour window. However, in some circumstances, the volume of data would require a significantly longer time. Therefore all Lookout executions have a hard limit of 12-hours per execution. Any Lookout instance running longer than 12-hours will be terminated, but you may still get charged. It is very unlikely that a Lookout instance exceeds the 12h threshold.

Security

Q. How secure is my data in SecApps Lookout?

SecApps takes security very seriously, and this is why we have baked in hard security controls around your data. Your data has encryption at rest and in transit. Data is not persisted for longer than three months (90 days). This means that any data older than this period is automatically removed. This data is not archived, so once removed, it cannot be recovered.

Q. How long my data is retained by SecApps Lookout?

Your data is retained for up to 90 days from the time it is stored.

Q. What options do I have for encrypting data stored on SecApps Lookout?

Your data is automatically encrypted with the highest possible encryption standard. SecApps does not need to access your data except for executing your Lookout instances and providing you access to read the data.

Q. Who can access my data?

You can access Lookout data from the Lookout app from your Launchpad. In addition, you can export your data in multiple formats, including CSV, JSON, XML and BSON. Your data will be available for up to 90 days from the time it is created.