Our global community of hand-picked Detectify Crowdsource ethical hackers are the reason we are able to automate security research so quickly to protect web applications from attack. This past year, we received a record 1300+ submissions from the community including over 180 zero-day vulnerabilities! Every module and security test we build from these hacker-submitted vulnerabilities helps us make the internet more secure.
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.
Coming hot off our successful funding round of €21.5 million in November 2019, we had no plans of stopping – only speeding up in 2020! In April, Detectify transitioned to a remote-first work policy, but that didn’t hinder our incredible tech teams from developing great things. Let’s take a look! This one’s for the stats-lovers.
Triage is just as important to security teams as it is to hospital workers. Now, you can prioritize and remediate web application vulnerabilities even faster with tags and findings in one view for Detectify Deep Scan and Asset Monitoring. For the past couple of months, one of Detectify’s product teams has been working relentlessly on improving how customers consume security vulnerability findings.
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
In the summertime, I shared my thoughts on how Detectify Crowdsource is not your average bug bounty program. Through this, we got some questions from the security community which I’m going to do my best to answer in this follow-up: Finding bugs is fun, but then comes the reporting part which may not be your favorite depending on how much you enjoy admin work.
Security is not compliance. This is something that the security champions at Detectify can agree on and each employee practices security everyday to help keep our customers and business secure. You’ve probably never met a more engaged group about security training than us at Detectify! We are passionate about our industry and maybe even gain a few new security nerds every few months as we go.
On October 29th, Detectify released a security test to detect a critical Oracle WebLogic Server RCE – CVE-2020-14882. Again in November, Oracle released an out-of-band security patch to fix a related RCE for Oracle Fusion Middleware. These vulnerabilities are currently being exploited by multiple botnets in the wild. Detectify scans your application for both of these vulnerabilities and will alert you if you are running a vulnerable version of Oracle WebLogic Server.
