|
By Detectify
We’re pleased to share that our External Attack Surface Management (EASM) solution is now available on AWS Marketplace through private offer. Our inclusion means that our customers can now more conveniently and easily purchase both Surface Monitoring and Application Scanning for comprehensive attack surface coverage.
|
By Victor Arellano
The new attack surface overview puts the changes and potential risky exposures to your attack surface front and center. But that’s not all we’ve shipped in February. We’ve improved our Azure domain connector, simplifying onboarding for those users, and sent dozens of new vulnerability tests, such as CVE-2024-27199: TeamCity Authentication Bypass and CVE-2024-21893: Ivanti Connect Secure, Policy Secure SSRF.
|
By Cecilia Wik
Navigating the complex and ever-changing compliance landscape is difficult for many companies and organizations. With many regulations, selecting the appropriate security tooling that aligns with the compliance needs of your business becomes a significant challenge.
|
By Victor Arellano
Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures.
|
By Detectify
This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties.
|
By Detectify
For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.
|
By Victor Arellano
We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface.
|
By Detectify
In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.
|
By Detectify
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
|
By Victor Arellano
We’ve made several improvements to how users can interact with their fingerprinted technologies data, grouping IP data by several parameters, and viewing the latest changes to their expanding attack surface.
|
By Detectify
A webinar focusing on managing external attack surfaces in the context of rapidly changing and growing company infrastructures. The session, hosted by Johanna Ydergård, VP of Product at Detectify, includes a presentation and a Q&A panel. The discussion emphasizes the need to understand what companies expose to the internet and the importance of securing these exposures.
|
By Detectify
Getting ISO 27001 certified is quite a process, so why should SaaS companies do it? A couple of our security experts, Johan Edholm (co-founder and security engineer at Detectify) and Jenny Gabrielsson (CFO at Detectify) share a use case on Detectify's journey towards ISO 27001 certification.
|
By Detectify
In this webinar for security teams, you’ll get the latest product updates and take a behind-the-scenes look at upcoming product releases. Whether you’re just getting started with Detectify or are ready to go deeper with new features, you’ll learn to take actionable steps to protect your growing attack surface.
|
By Detectify
Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
|
By Detectify
This question still triggers some interesting discussions among security professionals. Does the perimeter still exist, or has it become impossible to outline due to the immense asset list and expansion of an organization’s attack surface? Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
|
By Detectify
What are organizations doing wrong when it comes to security? While today’s code-quality security is good, the sharing between each domain or principle is lacking, such as using infrastructure as code. Some people have become lazy, using other people’s templates and sometimes without knowing the security details. There is no technical depth (the rule now is; if it works, it works). Security metrics are valued by the exploitation that happens. We learn by being hacked, and that is not how it should work.
|
By Detectify
Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.
|
By Detectify
Hacking yourself is the only way to protect your attack surface Explore the full breadth and depth of your external attack surface with Detectify. Find out what Internet-facing assets you're exposing, how to fix their vulnerabilities and anomalies, and accurate guidance on what you should improve and prioritize first.
|
By Detectify
A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia.
|
By Detectify
Our security researchers happen to be talented bug bounty hunters as well as the brains behind of Detectify's efforts to develop a leading-edge API security scanner. Why is developing a reliable API security tool so challenging? It's because every API is different, which means it’s challenging to have a standardized approach to security testing on APIs. Almroth states that the team will focus on developing an API security scanner that focuses on server-side vulnerabilities. Both share that this is going to use fuzzing techniques.
|
By Detectify
The External Attack Surface Management market category only emerged in mid-2021 but is already seeing significant product development and evolution growth. This e-book demystifies some of the information around EASM - especially its relation to other attack surface management (ASM) product categories and how product security teams can leverage EASM to go beyond asset discovery and inventory.
- April 2024 (1)
- March 2024 (2)
- February 2024 (1)
- January 2024 (2)
- December 2023 (4)
- November 2023 (1)
- October 2023 (3)
- September 2023 (3)
- August 2023 (1)
- July 2023 (3)
- June 2023 (1)
- May 2023 (2)
- April 2023 (6)
- March 2023 (4)
- February 2023 (2)
- January 2023 (4)
- December 2022 (2)
- November 2022 (2)
- October 2022 (5)
- September 2022 (3)
- August 2022 (3)
- July 2022 (4)
- June 2022 (6)
- May 2022 (9)
- April 2022 (3)
- March 2022 (6)
- February 2022 (2)
- January 2022 (2)
- December 2021 (5)
- November 2021 (4)
- October 2021 (4)
- September 2021 (5)
- August 2021 (6)
- July 2021 (3)
- June 2021 (2)
- May 2021 (4)
- April 2021 (4)
- March 2021 (3)
- February 2021 (5)
- January 2021 (6)
- December 2020 (9)
- November 2020 (6)
- October 2020 (2)
- September 2020 (3)
- August 2020 (4)
- July 2020 (7)
- June 2020 (2)
- May 2020 (3)
- April 2020 (2)
- March 2020 (2)
- February 2020 (4)
- January 2020 (2)
- December 2019 (1)
- November 2019 (3)
- October 2019 (5)
- September 2019 (2)
- August 2019 (2)
- July 2019 (6)
- June 2019 (1)
- May 2019 (5)
- April 2019 (5)
- March 2019 (9)
- February 2019 (6)
- January 2019 (7)
- December 2018 (6)
- November 2018 (5)
- October 2018 (1)
- September 2018 (3)
- August 2018 (1)
- July 2018 (1)
- June 2018 (2)
Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments. Detectify’s simple to use interface, integrations with popular developer tools, team functionality, and informative reports simplify security and allow you to integrate it into your workflow.
We work with some of the best white hat hackers in the world through our Detectify Crowdsource platform and our internal security research team to continually build more security tests into our tool. We now scan for over 1000+ known vulnerabilities.
What makes us unique:
- White hat hackers: Detectify was built by renowned white hat hackers, who have legally hacked companies like Google, Facebook and PayPal. In 2016, we launched Detectify Crowdsource, a global network of 150+ handpicked ethical hackers that continously report their latest findings to us. In the last year, we received 450+ submissions that generated nearly 40 000 findings amongst our users.
- Usability: The Detectify experience is designed to be easy, fun and accessible. The goal to simplify security has shaped Detectify’s UI, making it both intuitive and easily adjusted to your needs. This is why Detectify seamlessly integrates into the development process and offers integrations with all popular developer tools.
- Educational: Detectify offers team functionality so that users can easily share reports within their team and/or with clients. Most findings have links to resources where you can read up on the vulnerability and learn how to fix it. You will have access to more than 100 guides, attack demo videos, quizzes etc, which will quickly increase the security awareness in your organisation.
Go Hack Yourself or someone else will.