SSL/TLS certificates make the internet a safer place, but many companies are unaware that their certificates can become a looking glass into the organisation – potentially leaking confidential information and creating new entry points for attackers.
When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while expired and forgotten subdomains can easily become an entrypoint for an attacker to steal sensitive data, a robust attack surface management programme in place can keep them at bay.
Detectify is driving the future of internet security with automation and crowdsourcing hacker research. It’s focused on helping companies detect anomalies in their web attack surface at scale, and creative automated hacks in the web app layer in time.
The underrated threat of domain takeover and hacking a firm’s internal and external attack surface can enable malicious actors to circumvent many advanced website protection mechanisms. However, Detectify Crowdsource hacker Jasmin Landry says that deploying an external attack surface management (EASM) system can help beef up your security before a malicious hacker wreaks havoc on your company. A common aphorism in cybersecurity is that there’s no such thing as perfect security.
World Mental Health Day is recognized annually on October 10. At Detectify, we witness the fast pace of cybersecurity each day and to keep up we sometimes need to slow down. We recognize the important of mental health and this year, we asked Crowdsource hacker and founder of Haksec, Luke “Hakluke” Stephens, to share how he manages stress to avoid burnout as a cybersecurity professional.
When we asked the security community who is their hacker hero, it was unsurprising to see that Eva Galperin, Director of Cybersecurity at EFF and co-founder of the Coalition Against Stalkerware was a finalist on the list. Galperin is a hacktivist known for her rage tweets that help her fight the good fight to protect vulnerable groups being targeted. Most known for her work to track down APTs, she also champions personal privacy and taking down stalkerware. Oh and she’s done a TED talk.
Detectify collaborates with Crowdsource, our private network of ethical hackers to help our customers access the latest critical security research and secure their web apps. With a hot hack summer, we saw a lot of devastating breaches which casted a negative view onto hackers as criminals. At Detectify, we believe that hackers are our allies.
SHORT SUMMARY: STOCKHOLM, SWEDEN – In February 2021, Detectify co-founder and Crowdsource hacker Frans Rosén was looking for security bugs in Apple services. Noticing that many of Apple’s own apps store their data in public databases on Apple’s data storage framework CloudKit, Frans was curious to know if any specific apps’ data could be modified with access to the public CloudKit containers in which their data was stored. Long story short, they could.
Detectify is on a mission to drive the future of Internet security with automated and crowdsourced web solutions. API security and hacking is a pretty hot topic today and we invite 3 experts to join us for the latest Detectify Hacker School Reboot to present lightning talks on their experience and interests in hacking APIs. Detectify recently announced that we are researching, breaking and securing APIs.
Tom Hudson (TH), Senior Security Researcher at Detectify, joined the Application Security Weekly podcast to talk about the status quo on web scanners and securing modern web applications. We’ve edited the transcript for brevity and taken some highlights from the pod episode below.
