The modern infrastructure is controlled by the DNS with pointers to both internal and third-party services. As a result, organizations are simultaneously expanding their attack surface and inviting potential cyber threats. Unknown subdomains can be challenging, as they are not always closely monitored.

Rapid proliferation of data, growing volume of domains and subdomains, and rise in third-party software have expedited the need for having a robust security program in place. As the web-facing attack surface grows, existing security practices are falling behind.

TL/DR: Gender inequality and the lack of women is ubiquitous in tech companies – more so in cybersecurity. While it has been a debate that’s been on for years, more action needs to take place to empower female professionals and founders in the sector. In honor of International Women’s Day, a handful of women at Detectify shared more about what inspires them and how they encourage other women to take up space despite the challenges and thrive in the security industry every day.

Hacking has always felt like a superpower to me. It is a skill that I have worked on and learned with time. I was introduced to this field by my brother, he is my role model and I have always followed in his footsteps. Once I stepped into this field, there was no turning back. I knew this is what I want to excel at and be known for.

I have a history of creating my own custom “bug bounty automation” systems to automate the process of performing reconnaissance, vulnerability discovery at asset prioritization. These days it’s called “External Attack Surface Management” (EASM). In essence, EASM is hardly a new concept. The name has become fancier since Gartner listed EASM as an emerging product but the concepts are very similar.

Gone are the days when gate-based security processes were the most effective way to ensure security of an organization’s external attack surface. Getting the security team to sign off on every new application or asset before they go live simply is not scalable.

Detectify is aiming to make security understandable and easy to work with. That is why we visualize your security status in several ways in the tool: You can track the progress over time and your Threat Score gives you an instant security level ranking. In the blog post, we will focus on how you should interpret and work with your Threat Score.

“Crowdsourced security provides a way for security teams to expand their efficiency, especially when it comes to managing their external attack surface,” said Rickard Carlsson, Co-founder and CEO of Detectify. “Hackers have eyes and ears all over the web, and they’re constantly monitoring attack surfaces for exploitable entry points.

The holidays are coming up quickly and while many of us are looking forward to getting some human downtime (not technical), some may be feeling the pressure and some stress to make sure everything that needs to be done by the end of the year is in fact done by then, especially with the ongoing log4j aka log4shell security fires happening.

The vulnerability, dubbed CVE-2021-43798 impacted the Grafana dashboard, which is used by companies around the world to monitor and aggregate logs and other parameters from across their local or remote networks. The privately reported bug became a leaked zero-day but was first spotted by Detectify Crowdsource hacker Jordy Versmissen on December 2, after which Grafana was notified by Detectify about the bug.