Improving domain discovery with new connectors
Detectify Blog
by Victor Arellano
1M ago
Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures. Confidence in the latest attack surface data New assets, vulnerabilities, or human errors like server misconfigurations make a continuously updated overview of the attack surface a non-negotiable for organizations today. When our users come to che ..read more
Detectify product highlights and other major developments in 2023
Detectify Blog
by Detectify
3M ago
This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties. January – March Improvements to Attack Surface Custom Policies (Surface Monitoring) Expanded coverage of Attack Surface Custom Policies to include fingerprinted technologies and enable users to set custom rules for various use cases. Expanded asset attribution (Surface Monitoring) Including several new data points, such as IPs. Detectify recognized in Forrester independent ..read more
EASM in 2023 – shortcomings with CVE-overreliance and flaws in security scoring systems
Detectify Blog
by Detectify
3M ago
It’s nearing the end of 2023, and we’ve recently published a report, “State of EASM 2023”, offering insights into the state of attack surfaces across a sample of our customer base. The report takes anonymous and aggregated Detectify data to explore the state of External Attack Surface Management within our customers. The data set includes: 235 companies & organizations, including large enterprises and mid-market companies from across a range of industries. 60% of our mid-market and enterprise customer base (excluding our self-service users). This data contains a sample of customers with ..read more
Improvements to the attack surface overview
Detectify Blog
by Victor Arellano
3M ago
We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface. New data visible from your overview We know that getting the latest information about your attack surface helps your team stay in control by responding quickly to new vulnerabilities and exposures. Previously, users could get information about newly detected technologies, vulnerabilities by severity, and assets with the most vulnerabilities, to list a few data ..read more
Recently added crowdsourced vulnerabilities – November 2023
Detectify Blog
by Detectify
3M ago
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool. Latest vulnerabilities: CVE-2023-49103: OwnCloud Phpinfo Configuration CVE-2023-44150: ProfilePress Sensitive Information Exposure CVE-2023-43208: NextGen Healthcare Mirth Connect RCE CVE-2023-41339: Geoserver WMS SSR CVE-2023-40779: IceWarp Open Redirect CVE-2023-39700: IceWarp XSS CVE-2023-37728: IceWarp XSS CVE-2023-33160: Microsoft Sharepoint RCE CVE-202 ..read more
Job-to-be-Done: Quickly resolve exposures and vulnerabilities
Detectify Blog
by Detectify
5M ago
It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place.  For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation. Additionally, they should be able to follow their security progress in a single tool or have all their security tools seamlessly ..read more
Jobs-to-be-Done: See the current state of security and understand what is exposed and how it has evolved over time
Detectify Blog
by Detectify
5M ago
How do you see the current state of security in your organization when security is constantly evolving? New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable.  AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.  How to define “the current st ..read more
Introducing Jobs-to-be-Done: a way to help our users achieve their goals
Detectify Blog
by Detectify
5M ago
As someone working within AppSec or ProdSec security, the scope and responsibilities of your role have likely changed over the last few years. This is likely an accumulation of: An increased reliance on the public cloud, resulting in an adaptation of your skill set to reflect this change; Security tool consolidation, meaning you’re looking to get more out of your existing tools; Attack surface coverage and growth, with the need to discover new unknown assets and secure what’s already there. But what hasn’t changed? Regardless of any new scope or responsibilities, you still have a set of things y ..read more
Recently added crowdsourced vulnerabilities – September 2023
Detectify Blog
by Detectify
5M ago
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool. Featured vulnerability: CVE-2023-42793: TeamCity CI Authentication Bypass. CVE-2023-42793 is present in versions of the CI/CD solution TeamCity. If exploited, it can lead to remote code execution (RCE) attacks. All TeamCity users are urged to update to the latest version (2023.05.04) or implement the security patch plugin released by the solution. Latest vuln ..read more
Improvements to the IP page – more flexibility and new methods to interact with data
Detectify Blog
by Victor Arellano
5M ago
We know how frustrating it can be to discover new assets that don’t follow your internal security policies, such as using a geolocation that isn’t allowed or even a sudden spike in hosting from an approved country. These exposures can put your organization at risk, especially since they often go undetected and are challenging to split with automation. That’s why we’re excited to see so many of our customers use our new IP page. How does this help security teams? Allow investigations into “country” or “provider” regarding specific known risks. Find “providers” that are not allowed to be used o ..read more