Skip to main content

Core Modules

AppSec

AppSec is where ThreatWeaver tests the software you build and run — web applications, REST and GraphQL APIs, and mobile apps — for security weaknesses, and tracks the findings through to a fix. It also gives you a place to discover the AI tools in use across your organization and govern how they're used.

What it's for

  • Test an app for vulnerabilities — point ThreatWeaver at a target, run an assessment, and get back a prioritized list of findings with evidence.
  • Work findings to closure — confirm, accept, retest, and mark findings remediated, so nothing slips through the cracks.
  • See what AI is in use — discover AI tools across your environment, flag shadow AI, and manage which tools are approved.

Come here when you want to answer "Is this app safe to ship?", "What did the last scan find?", and "Which AI tools are people using, and are they approved?"

The screens in it

When you open AppSec, you land on the AppSec dashboard — a summary of your targets, active scans, open findings, and a security-posture score. A row of tabs across the workspace takes you to each area: assessments, targets, findings, compliance, reports, and the settings that support them.

AppSec — the AppSec dashboard with posture score, KPIs, and recent assessments

From here you can move to:

  • Application security scanning — the core loop of adding targets, running assessments, and triaging findings. See Application security scanning.
  • AI Security — discover and govern the AI tools in use across your organization. See AI Security.
  • Scan configuration and tools — scan templates, credentials, scan agents, the CSP generator, exceptions, and compliance. See Scan configuration and tools.

Where to go next