|
By Detectify
Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, ealier this year we launched Detectify Internal Scanning, designed to bring our world-class vulnerability research directly into your private ecosystems.
|
By Detectify
Let’s be real. Shadow AI is already reshaping Shadow IT Security, whether organizations are ready or not. Chances are that your developers aren’t waiting for a formal RFP to start using AI. They’re already deep in the trenches, using Open WebUI to manage models or shipping entire projects through platforms like Lovable at a velocity that makes traditional AppSec look like it’s standing still.
Introducing PCI ASV Scanning: Continuous attack surface compliance in partnership with Clone Systems
|
By Detectify
Maintaining a secure external attack surface is no longer just about finding vulnerabilities; it’s about proving your resilience to partners, auditors, and regulatory bodies. Today, we are excited to announce Detectify’s PCI ASV Scanning, delivered in partnership with Clone Systems.
TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 29 minutes. If you’re still scanning monthly, you’re defending a version of your infrastructure that doesn’t exist anymore. The time it takes for an attacker to move after a breach has dropped to just 29 minutes. In 2021, we talked about a “breakout time” of 100 minutes. Today?
|
By Detectify
Detectify’s new GraphQL API Scanning uses hacker-led research to provide highly accurate (99.7%), payload-based security testing. It identifies complex vulnerabilities within 20 minutes, helping enterprises meet PCI DSS 4.0 and SOC 2 standards while giving developers actionable remediation guidance.
|
By Detectify
Most organizations share a common, uncomfortable secret: they can’t answer basic questions about what is actually exposed on their IP ranges. As companies grow, whether through decades of history, global data centers, or regional allocations, they lose visibility of their IP footprint. Traditional manual reconnaissance is a point-in-time sync, often leaving security teams blind to what’s actually running on their infrastructure.
|
By Miriana Giai Gischia
TL;DR: Building for everyone, faster. We’re moving from the why to the how. To scale accessibility without losing speed, we’ve overhauled our foundation: In our previous post, we explored why accessibility is a non-negotiable for modern cybersecurity. But moving from philosophy to practice required a fundamental shift in our toolkit.
|
By Detectify
Security is often a game of “you don’t know what you don’t know.” At Detectify, we focus on removing that uncertainty. Whether it’s reaching 922 quintillion payload permutations or refining a UI workflow, our goal is to make the experience of securing your stack as seamless as the tech you’re building. We believe that a security tool shouldn’t just be powerful, it should be intuitive, fast, and, dare we say, a joy to use.
|
By Detectify
Most tools will just tell you that a port is open. We’ve decided that’s not enough. TLDR: We’ve launched Protocol Discovery, a custom-built engine designed to move beyond simple port scanning by identifying the specific services communicating behind your open ports. Our engine is optimized for the speed of modern cloud environments-scanning assets in under 10 seconds.
|
By Detectify
Detectify Internal Scanning is an internal vulnerability scanning solution that brings Detectify’s proprietary crawling and fuzzing engine behind your firewall. Built for AppSec and DevOps teams, it enables authenticated testing of internal applications, admin panels, staging environments, and microservices, all from a single, unified platform. Teams can now monitor both internal and external vulnerabilities side by side, without slowing down release cycles.
|
By Detectify
A webinar focusing on managing external attack surfaces in the context of rapidly changing and growing company infrastructures. The session, hosted by Johanna Ydergård, VP of Product at Detectify, includes a presentation and a Q&A panel. The discussion emphasizes the need to understand what companies expose to the internet and the importance of securing these exposures.
|
By Detectify
Getting ISO 27001 certified is quite a process, so why should SaaS companies do it? A couple of our security experts, Johan Edholm (co-founder and security engineer at Detectify) and Jenny Gabrielsson (CFO at Detectify) share a use case on Detectify's journey towards ISO 27001 certification.
|
By Detectify
In this webinar for security teams, you’ll get the latest product updates and take a behind-the-scenes look at upcoming product releases. Whether you’re just getting started with Detectify or are ready to go deeper with new features, you’ll learn to take actionable steps to protect your growing attack surface.
|
By Detectify
Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
|
By Detectify
This question still triggers some interesting discussions among security professionals. Does the perimeter still exist, or has it become impossible to outline due to the immense asset list and expansion of an organization’s attack surface? Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
|
By Detectify
What are organizations doing wrong when it comes to security? While today’s code-quality security is good, the sharing between each domain or principle is lacking, such as using infrastructure as code. Some people have become lazy, using other people’s templates and sometimes without knowing the security details. There is no technical depth (the rule now is; if it works, it works). Security metrics are valued by the exploitation that happens. We learn by being hacked, and that is not how it should work.
|
By Detectify
Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.
|
By Detectify
Hacking yourself is the only way to protect your attack surface Explore the full breadth and depth of your external attack surface with Detectify. Find out what Internet-facing assets you're exposing, how to fix their vulnerabilities and anomalies, and accurate guidance on what you should improve and prioritize first.
|
By Detectify
A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia.
|
By Detectify
Our security researchers happen to be talented bug bounty hunters as well as the brains behind of Detectify's efforts to develop a leading-edge API security scanner. Why is developing a reliable API security tool so challenging? It's because every API is different, which means it’s challenging to have a standardized approach to security testing on APIs. Almroth states that the team will focus on developing an API security scanner that focuses on server-side vulnerabilities. Both share that this is going to use fuzzing techniques.
|
By Detectify
The External Attack Surface Management market category only emerged in mid-2021 but is already seeing significant product development and evolution growth. This e-book demystifies some of the information around EASM - especially its relation to other attack surface management (ASM) product categories and how product security teams can leverage EASM to go beyond asset discovery and inventory.
- April 2026 (4)
- March 2026 (4)
- February 2026 (2)
- January 2026 (1)
- December 2025 (2)
- November 2025 (4)
- October 2025 (5)
- September 2025 (4)
- June 2025 (1)
- May 2025 (1)
- April 2025 (1)
- March 2025 (3)
- February 2025 (1)
- January 2025 (5)
- December 2024 (1)
- November 2024 (1)
- October 2024 (2)
- July 2024 (2)
- June 2024 (1)
- April 2024 (1)
- March 2024 (1)
- February 2024 (1)
- January 2024 (2)
- December 2023 (4)
- November 2023 (1)
- October 2023 (3)
- September 2023 (3)
- August 2023 (1)
- July 2023 (3)
- June 2023 (1)
- May 2023 (2)
- April 2023 (6)
- March 2023 (4)
- February 2023 (1)
- January 2023 (4)
- December 2022 (2)
- November 2022 (2)
- October 2022 (5)
- September 2022 (3)
- August 2022 (3)
- July 2022 (4)
- June 2022 (6)
- May 2022 (9)
- April 2022 (3)
- March 2022 (6)
- February 2022 (2)
- January 2022 (2)
- December 2021 (5)
- November 2021 (4)
- October 2021 (4)
- September 2021 (5)
- August 2021 (6)
- July 2021 (3)
- June 2021 (2)
- May 2021 (4)
- April 2021 (4)
- March 2021 (3)
- February 2021 (5)
- January 2021 (6)
- December 2020 (9)
- November 2020 (6)
- October 2020 (2)
- September 2020 (3)
- August 2020 (4)
- July 2020 (7)
- June 2020 (2)
- May 2020 (3)
- April 2020 (2)
- March 2020 (2)
- February 2020 (4)
- January 2020 (2)
- December 2019 (1)
- November 2019 (3)
- October 2019 (5)
- September 2019 (2)
- August 2019 (2)
- July 2019 (6)
- June 2019 (1)
- May 2019 (5)
- April 2019 (5)
- March 2019 (9)
- February 2019 (6)
- January 2019 (7)
- December 2018 (6)
- November 2018 (5)
- October 2018 (1)
- September 2018 (3)
- August 2018 (1)
- July 2018 (1)
- June 2018 (2)
Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments. Detectify’s simple to use interface, integrations with popular developer tools, team functionality, and informative reports simplify security and allow you to integrate it into your workflow.
We work with some of the best white hat hackers in the world through our Detectify Crowdsource platform and our internal security research team to continually build more security tests into our tool. We now scan for over 1000+ known vulnerabilities.
What makes us unique:
- White hat hackers: Detectify was built by renowned white hat hackers, who have legally hacked companies like Google, Facebook and PayPal. In 2016, we launched Detectify Crowdsource, a global network of 150+ handpicked ethical hackers that continously report their latest findings to us. In the last year, we received 450+ submissions that generated nearly 40 000 findings amongst our users.
- Usability: The Detectify experience is designed to be easy, fun and accessible. The goal to simplify security has shaped Detectify’s UI, making it both intuitive and easily adjusted to your needs. This is why Detectify seamlessly integrates into the development process and offers integrations with all popular developer tools.
- Educational: Detectify offers team functionality so that users can easily share reports within their team and/or with clients. Most findings have links to resources where you can read up on the vulnerability and learn how to fix it. You will have access to more than 100 guides, attack demo videos, quizzes etc, which will quickly increase the security awareness in your organisation.
Go Hack Yourself or someone else will.