Detectify

Stockholm, Sweden
2012
  |  By Detectify
In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.
  |  By Detectify
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
  |  By Victor Arellano
We’ve made several improvements to how users can interact with their fingerprinted technologies data, grouping IP data by several parameters, and viewing the latest changes to their expanding attack surface.
  |  By Detectify
It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation.
  |  By Detectify
New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.
  |  By Detectify
As a security practitioner, the scope and responsibilities of your role have likely changed over the last few years. This is likely an accumulation of: But what hasn’t changed? Regardless of any new scope or responsibilities, you still have a set of things you need to accomplish and get done that are the most important to you.
  |  By Detectify
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
  |  By Victor Arellano
We know how frustrating it can be to discover new assets that don’t follow your internal security policies, such as using a geolocation that isn’t allowed or even a sudden spike in hosting from an approved country. These exposures can put your organization at risk, especially since they often go undetected and are challenging to split with automation. That’s why we’re excited to see so many of our customers use our new IP page.
  |  By Victor Arellano
Customers often tell us of instances where someone in their team spins up a new machine that isn’t using an approved geolocation, or that they see an unexpected spike in hosting from a particular country. These anomalies can put an organization at risk, especially since they are difficult to spot in an automated way.
  |  By Charlotte Kerridge
“How does Detectify’s External Attack Surface Management platform compare to Penetration testing” or “What I’m really looking for is Penetration testing” are two statements we often hear when talking to prospects. We know that many of you are keen to understand how EASM compares with Penetration testing (Pen testing), so we’re exploring these two methodologies side-by-side.
  |  By Detectify
In this webinar for security teams, you’ll get the latest product updates and take a behind-the-scenes look at upcoming product releases. Whether you’re just getting started with Detectify or are ready to go deeper with new features, you’ll learn to take actionable steps to protect your growing attack surface.
  |  By Detectify
Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
  |  By Detectify
This question still triggers some interesting discussions among security professionals. Does the perimeter still exist, or has it become impossible to outline due to the immense asset list and expansion of an organization’s attack surface? Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
  |  By Detectify
What are organizations doing wrong when it comes to security? While today’s code-quality security is good, the sharing between each domain or principle is lacking, such as using infrastructure as code. Some people have become lazy, using other people’s templates and sometimes without knowing the security details. There is no technical depth (the rule now is; if it works, it works). Security metrics are valued by the exploitation that happens. We learn by being hacked, and that is not how it should work.
  |  By Detectify
Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.
  |  By Detectify
Hacking yourself is the only way to protect your attack surface Explore the full breadth and depth of your external attack surface with Detectify. Find out what Internet-facing assets you're exposing, how to fix their vulnerabilities and anomalies, and accurate guidance on what you should improve and prioritize first.
  |  By Detectify
A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia.
  |  By Detectify
Our security researchers happen to be talented bug bounty hunters as well as the brains behind of Detectify's efforts to develop a leading-edge API security scanner. Why is developing a reliable API security tool so challenging? It's because every API is different, which means it’s challenging to have a standardized approach to security testing on APIs. Almroth states that the team will focus on developing an API security scanner that focuses on server-side vulnerabilities. Both share that this is going to use fuzzing techniques.
  |  By Detectify
Yes the rumors are true, the teams at Detectify are working hard at researching and developing security testing for APIs. Senior security researchers, Tom Hudson and Fredrik Nordberg Almroth answer questions about API security. Just like web apps, APIs can’t be secured with rule-based automated scanners - they need context! That’s why we are developing our fuzzing engine to cover public-facing APIs and test them like a hacker would.
  |  By Detectify
Unleash the power of ethical hacker knowledge - straight into your security workflows.
  |  By Detectify
The External Attack Surface Management market category only emerged in mid-2021 but is already seeing significant product development and evolution growth. This e-book demystifies some of the information around EASM - especially its relation to other attack surface management (ASM) product categories and how product security teams can leverage EASM to go beyond asset discovery and inventory.

Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments. Detectify’s simple to use interface, integrations with popular developer tools, team functionality, and informative reports simplify security and allow you to integrate it into your workflow.

We work with some of the best white hat hackers in the world through our Detectify Crowdsource platform and our internal security research team to continually build more security tests into our tool. We now scan for over 1000+ known vulnerabilities.

What makes us unique:

  • White hat hackers: Detectify was built by renowned white hat hackers, who have legally hacked companies like Google, Facebook and PayPal. In 2016, we launched Detectify Crowdsource, a global network of 150+ handpicked ethical hackers that continously report their latest findings to us. In the last year, we received 450+ submissions that generated nearly 40 000 findings amongst our users.
  • Usability: The Detectify experience is designed to be easy, fun and accessible. The goal to simplify security has shaped Detectify’s UI, making it both intuitive and easily adjusted to your needs. This is why Detectify seamlessly integrates into the development process and offers integrations with all popular developer tools.
  • Educational: Detectify offers team functionality so that users can easily share reports within their team and/or with clients. Most findings have links to resources where you can read up on the vulnerability and learn how to fix it. You will have access to more than 100 guides, attack demo videos, quizzes etc, which will quickly increase the security awareness in your organisation.

Go Hack Yourself or someone else will.