Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.

Coming hot off our successful funding round of €21.5 million in November 2019, we had no plans of stopping – only speeding up in 2020! In April, Detectify transitioned to a remote-first work policy, but that didn’t hinder our incredible tech teams from developing great things. Let’s take a look! This one’s for the stats-lovers.

Triage is just as important to security teams as it is to hospital workers. Now, you can prioritize and remediate web application vulnerabilities even faster with tags and findings in one view for Detectify Deep Scan and Asset Monitoring. For the past couple of months, one of Detectify’s product teams has been working relentlessly on improving how customers consume security vulnerability findings.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

In the summertime, I shared my thoughts on how Detectify Crowdsource is not your average bug bounty program. Through this, we got some questions from the security community which I’m going to do my best to answer in this follow-up: Finding bugs is fun, but then comes the reporting part which may not be your favorite depending on how much you enjoy admin work.

Security is not compliance. This is something that the security champions at Detectify can agree on and each employee practices security everyday to help keep our customers and business secure. You’ve probably never met a more engaged group about security training than us at Detectify! We are passionate about our industry and maybe even gain a few new security nerds every few months as we go.

On October 29th, Detectify released a security test to detect a critical Oracle WebLogic Server RCE – CVE-2020-14882. Again in November, Oracle released an out-of-band security patch to fix a related RCE for Oracle Fusion Middleware. These vulnerabilities are currently being exploited by multiple botnets in the wild. Detectify scans your application for both of these vulnerabilities and will alert you if you are running a vulnerable version of Oracle WebLogic Server.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Have the WAF security companies got you thinking that a firewall is enough? In a modern landscape, development and security move faster, and so do web application vulnerabilities. Unfortunately, WAF doesn’t prevent many of these events, and hackers of all hats have known ways of bypassing WAF to exploit common and creative web vulnerabilities.

Rickard Carlsson, CEO of Detectify, recently joined as a guest speaker on the Application Security Weekly Podcast hosted by Mike Shema, Matt Alderman, and John Kisella.They discuss how Detectify’s solution is a game changer by combining the speed of automation and hacker expertise, why you should trust developers with security, and how the modern digital landscape requires even devs to look at the asset inventory. We’ve highlighted some interesting points in the interview.