Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How to hack smarter and find critical vulnerabilities with the new fuzzing engine

There is a common tendency that the typical DAST scanner finds the easiest to locate known security vulnerabilities. If you need to find vulnerabilities that are more difficult to detect – you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set themselves up to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.

Detectify security updates for February 22

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Vuln of the Month: CVE-2020-10148 SolarWinds Orion Authentication Bypass

Every week, our global community of hand-picked Detectify Crowdsource ethical hackers submit new vulnerabilities that we make available to our users as automated security tests. In the new series Vuln of the Month, we deep-dive into an especially interesting vulnerability that was added to our scanner in the past month. First up: CVE-2020-10148, SolarWinds Orion Authentication Bypass. In January, Detectify added a security test for CVE-2020-10148, SolarWinds Orion Authentication Bypass.

Security Defender Insights: Improving security visibility in the remote-work reality

This edition of Detectify Security Defenders Insights focuses on best practices on how not to lose security visibility in 2021: For many small to mid-sized tech organizations, security visibility is an increasing challenge. 2020 was the true catalyst to their tech transformation from all in-house to suddenly working from home. This meant a pressured effort to make sure security was top-of-mind especially now that everyone was literally out-of-sight.

Detectify security updates for February 8

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Security Defender Insights: "bad actors are using intelligence and automatic tools, we need to surpass those abilities"

In this new series, Security Defender Insights, Detectify is recognizing Security Defenders in our network to bring you actionable insights and inspiration for your security strategies in 2021. We want to encourage open discussions about web security and show appreciation for hard-working security practitioners. So let’s get started with this interview with Roberto Arias Alegria, Information Security Architect at Quandoo.

Detectify's ISO 27001 certification use case and guide for SaaS companies

A SaaS start-up can only go so far before it’s time to consider certifications and compliance standards for advancement. But let’s make it clear that at Detectify, we don’t see compliance as security. If you’re stuck in between the two right now, here’s our use case for getting ISO 27001 certification and how we made it work for Detectify, a SaaS-based web application security scale-up that has its fair share of passionate security defenders aboard!

Detectify security updates for January 25

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

DNS Hijacking - Taking Over Top-Level Domains and Subdomains

TL;DR: On January 7, the Detectify security research team found that the .cd top-level domain (TLD) was about to be released for anyone to purchase and claimed it to keep it secure before any bad actors snatched it up. A technical report with full details is available on Detectify Labs. This blog post will discuss the basics of domain takeover.

Detectify ethical hacker kept the country code domain .cd safe from potential attacks

NEW RESEARCH – On December 30, Fredrik Nordberg Almroth, security researcher and co-founder of Detectify – the Sweden-born cybersecurity company that offers a web vulnerability service powered by leading ethical hackers – found a vulnerability that left the country code top-level domain of the Democratic Republic of Congo, .cd, open to severe potential abuse.