Quickstart

This guide takes you from a new account to your first security report. It uses Vortex scanning a web application as the example, but the shape is the same for any target.

You need:

  • A BestDefense account (sign up at app.bestdefense.io).
  • A target you’re authorized to scan — a web app or API you own or have permission to test.

When you first sign in, a short guided setup helps you create your organization and register your first site. An organization is the container for your targets, reports, members, and billing. See Onboarding for the full walkthrough.

Add the site you want to scan by its URL and choose its type (web application or API). BestDefense asks you to verify ownership of the domain by adding a DNS TXT record. Verification can take a few minutes to propagate; you can continue setting things up and let it finish in the background. For the full walkthrough — including subdomain auto-verification and IP addresses — see Managing sites.

  1. Go to Vortex in the app.
  2. Choose Run scan.
  3. Pick your target.
  4. Choose a scan type — start with Analog, which is available on every plan.
  5. Choose an intensity. Quick is the fastest and is available on every plan.
  6. Optionally narrow the scan to specific routes if you’ve configured them — see route management. Otherwise the scan covers the whole site.
  7. Launch the scan.

The report page shows live progress while the scan runs.

When the scan finishes, open the report to see:

  • An overview with counts of findings by severity.
  • A findings list, grouped so related issues sit together.
  • Finding details — open any finding to see evidence, affected location, and guidance.

See Reading a Vortex report for a full tour.

For each finding you can:

  • Fix with AI — generate a code fix and open a pull request (requires a connected version-control integration). See AI remediation.
  • Accept the risk — formally record a decision not to fix it now. See Accepted risks.
  • Create a Jira ticket — hand it to your existing tracker. See Jira.