The web browser is probably the most used application on your computer. It’s used for basically everything from checking email, communicating via social media, video conferencing to shopping, banking, gaming, and much more. While we are moving toward a more app-based mobile lifestyle, we are far from getting rid of the traditional web browser.

Simple and intuitive design is at the core of how we design. That’s why we’ve improved the navigation of our tool so that users can easily access the attack surface and scan settings. Since launching the attack surface view earlier this year, we’ve heard from some users that finding the attack surface view isn’t very clear. This meant some users were missing out on insights across their expanding attack surface, such as open ports and DNS information.

The rapidly expanding attack surface often requires security teams to deep dive into their Internet-facing assets, such as root assets and associated subdomains. Conducting these reviews can be time-consuming for security experts, particularly if they have a large attack surface made up of hundreds – or even thousands! – of subdomains. We’ve now made it possible for users to filter their attack surface by a root asset.

While the attack needed for such a single-click account takeover would be complex, the research by Frans Rosén, Security Advisor at Detectify, discovered that some of the most popular consumer and business websites in the world currently are not following the OAuth specification best practices and thus are vulnerable to the attack chain. Rosén recently undertook extensive research on how OAuth tokens could be stolen.