Heyhack's proprietary pentest engine includes both tests for zero-day vulnerabilities and tests for known security issues (published in the Common Vulnerabilities and Exposures database). By combining active penetration testing with traditional vulnerability scanning, you'll get a complete overview of all potential security issues in your application with one single tool.
To find zero-day vulnerabilities, we've built our own AI-powered penetration test engine that actively and offensively attempts to find and exploit security issues in your application with the purpose of penetrating your infrastructure. Heyhack only flags an issue if the scanner has been able to successfully exploit the found issue, which eliminates false positives and helps you gain a complete and transparent overview of all potential issues.
In addition, we rely on community efforts to find known vulnerabilities (i.e., security issues that have been assigned a CVE ID). Together with the zero-day issues found by our own proprietary engine, you'll get one unified presentation of the issues you need to address in your application.