Tom Hudson (TH), Senior Security Researcher at Detectify, joined the Application Security Weekly podcast to talk about the status quo on web scanners and securing modern web applications. We’ve edited the transcript for brevity and taken some highlights from the pod episode below.

At Detectify , we like to approach problems as opportunities for improvement. In the last couple of months, we’ve faced two challenges where we have taken the opportunity to rethink how we work. We’d like to share them with you to give you insight into how we work together and, hopefully, inspire some of you to try a new approach when solving your own challenges in the future! Both of these examples are related to our payment process.

STOCKHOLM — Aug. 18, 2021 — Detectify , the SaaS security company powered by ethical hackers, today announced its partnership with Hackers for Change. The collaboration will equip non-profit organizations with the tools required to strengthen security and decrease the likelihood of cyber-attacks, supporting the mission of Hackers for Change to provide charities and nonprofits with industry-quality cybersecurity services at no cost.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

Detectify is expanding its web app fuzzing engine to scan public-facing APIs for vulnerabilities. Earlier in the year, we released a new fuzzing engine, and it was developed with API scanning in mind. In Fall 2021, we will roll out open beta testing. You can register for Detectify API fuzzer updates and beta testing program.

Web applications and hosted software make up the largest attack surface for modern tech organizations. The most common web vulnerabilities being exploited go beyond the OWASP Top 10 list. At Detectify, we work in close collaboration with an invite-only community called Detectify Crowdsource to get the latest vulnerability research into the hands of security defenders. Besides knowing the vulnerabilities, you need the know how on how to mitigate them.

We’re going to highlight the Top high severity CVEs found by Detectify. Thanks to the Crowdsource global community of handpicked ethical hackers, Detectify users get continuous access to the latest threat findings “from the streets” – even actively exploited vulnerabilities for which there aren’t yet any official vendor patches or updates.

Detectify is helping tech organizations bring safer web products to market by providing crowdsourced, cloud-based, continuous web app security. Here’s a buyer’s guide on how you can get scaleable application security in 2021 and beyond. There are so many appsec tools out there with the same features. It’s hard to see value clearly amongst all the noise.

This is part 2 in a mini-series about the current paradigm shift in security towards a continuous security approach. Richard Carlsson, Detectify CEO, was on Enterprise Security Weekly to shed light on it and this article delves into the need for velocity to activate this strategy.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.