Detectify

Stockholm, Sweden
2012
  |  By Victor Arellano
Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures.
  |  By Detectify
This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties.
  |  By Detectify
For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.
  |  By Victor Arellano
We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface.
  |  By Detectify
In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.
  |  By Detectify
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
  |  By Victor Arellano
We’ve made several improvements to how users can interact with their fingerprinted technologies data, grouping IP data by several parameters, and viewing the latest changes to their expanding attack surface.
  |  By Detectify
It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation.
  |  By Detectify
New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.
  |  By Detectify
As a security practitioner, the scope and responsibilities of your role have likely changed over the last few years. This is likely an accumulation of: But what hasn’t changed? Regardless of any new scope or responsibilities, you still have a set of things you need to accomplish and get done that are the most important to you.
  |  By Detectify
A webinar focusing on managing external attack surfaces in the context of rapidly changing and growing company infrastructures. The session, hosted by Johanna Ydergård, VP of Product at Detectify, includes a presentation and a Q&A panel. The discussion emphasizes the need to understand what companies expose to the internet and the importance of securing these exposures.
  |  By Detectify
Getting ISO 27001 certified is quite a process, so why should SaaS companies do it? A couple of our security experts, Johan Edholm (co-founder and security engineer at Detectify) and Jenny Gabrielsson (CFO at Detectify) share a use case on Detectify's journey towards ISO 27001 certification.
  |  By Detectify
In this webinar for security teams, you’ll get the latest product updates and take a behind-the-scenes look at upcoming product releases. Whether you’re just getting started with Detectify or are ready to go deeper with new features, you’ll learn to take actionable steps to protect your growing attack surface.
  |  By Detectify
Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
  |  By Detectify
This question still triggers some interesting discussions among security professionals. Does the perimeter still exist, or has it become impossible to outline due to the immense asset list and expansion of an organization’s attack surface? Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
  |  By Detectify
What are organizations doing wrong when it comes to security? While today’s code-quality security is good, the sharing between each domain or principle is lacking, such as using infrastructure as code. Some people have become lazy, using other people’s templates and sometimes without knowing the security details. There is no technical depth (the rule now is; if it works, it works). Security metrics are valued by the exploitation that happens. We learn by being hacked, and that is not how it should work.
  |  By Detectify
Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.
  |  By Detectify
Hacking yourself is the only way to protect your attack surface Explore the full breadth and depth of your external attack surface with Detectify. Find out what Internet-facing assets you're exposing, how to fix their vulnerabilities and anomalies, and accurate guidance on what you should improve and prioritize first.
  |  By Detectify
A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia.
  |  By Detectify
Our security researchers happen to be talented bug bounty hunters as well as the brains behind of Detectify's efforts to develop a leading-edge API security scanner. Why is developing a reliable API security tool so challenging? It's because every API is different, which means it’s challenging to have a standardized approach to security testing on APIs. Almroth states that the team will focus on developing an API security scanner that focuses on server-side vulnerabilities. Both share that this is going to use fuzzing techniques.
  |  By Detectify
The External Attack Surface Management market category only emerged in mid-2021 but is already seeing significant product development and evolution growth. This e-book demystifies some of the information around EASM - especially its relation to other attack surface management (ASM) product categories and how product security teams can leverage EASM to go beyond asset discovery and inventory.

Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments. Detectify’s simple to use interface, integrations with popular developer tools, team functionality, and informative reports simplify security and allow you to integrate it into your workflow.

We work with some of the best white hat hackers in the world through our Detectify Crowdsource platform and our internal security research team to continually build more security tests into our tool. We now scan for over 1000+ known vulnerabilities.

What makes us unique:

  • White hat hackers: Detectify was built by renowned white hat hackers, who have legally hacked companies like Google, Facebook and PayPal. In 2016, we launched Detectify Crowdsource, a global network of 150+ handpicked ethical hackers that continously report their latest findings to us. In the last year, we received 450+ submissions that generated nearly 40 000 findings amongst our users.
  • Usability: The Detectify experience is designed to be easy, fun and accessible. The goal to simplify security has shaped Detectify’s UI, making it both intuitive and easily adjusted to your needs. This is why Detectify seamlessly integrates into the development process and offers integrations with all popular developer tools.
  • Educational: Detectify offers team functionality so that users can easily share reports within their team and/or with clients. Most findings have links to resources where you can read up on the vulnerability and learn how to fix it. You will have access to more than 100 guides, attack demo videos, quizzes etc, which will quickly increase the security awareness in your organisation.

Go Hack Yourself or someone else will.