Stockholm, Sweden
Jun 15, 2022   |  By Detectify
Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.
Jun 9, 2022   |  By Detectify
Getting a complete overview of the growing attack surface is difficult. Regardless of how security is organised in your organisation, knowing what Internet-facing assets are exposed and if those assets are vulnerable across many different teams is no simple task. This is doubly true for security teams with dozens – or even hundreds! – of dev teams. We’ve now made it possible for customers on the Enterprise Plan to create and manage subteams through the Detectify API.
Jun 8, 2022   |  By Detectify
Getting the freshest insights on what vulnerabilities you have is essential for any vulnerability management program. Until recently, it wasn’t very clear when Application Scanning would execute a scan on an asset. This introduced unnecessary complexity for some users, particularly those with a large attack surface. Now, Application Scanning users can easily view all of the upcoming scans on a single page.
Jun 7, 2022   |  By Detectify
Surface Monitoring is a leading external attack surface management (EASM) product aimed at identifying, assessing, and prioritizing web vulnerabilities. This new category of cybersecurity products provides a layer of protection that was previously unavailable to organizations due to a lack of automation and tools. Surface Monitoring was conceived based on the success of a previous security product from Detectify that had been in the market since 2015.
May 31, 2022   |  By Detectify
The attack surface is an organization’s digital exposure that an attacker could exploit to get unauthorized access to a system and extract data or other sensitive information. It could also be used as a point within a chain of attacks. As Organizations increasingly rely on SaaS services and products, the digital attack surface is more than the firewall and network.
May 24, 2022   |  By Detectify
The vulnerabilities page allows you to see all findings across your attack surface. This includes simple filters that let you specify what you want to focus on, including the level of severity, which domains you want to look at, and whether it was found in the past week or the past month.
May 18, 2022   |  By Detectify
Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of. A few companies, including Detectify, have been highlighting the importance of the attack surface and understanding the potential risks of the constantly-changing environment.
May 10, 2022   |  By Detectify
Remediating vulnerabilities efficiently is the cornerstone of a great vulnerability management program. Prioritizing becomes paramount as resources are often limited. Sometimes teams might pinpoint specific vulnerability types that are particularly risky for their attack surfaces, such as a misconfigured Amazon S3 bucket or even a new XSS vulnerability. Users can now filter the /Vulnerabilities view by title, such as a specific type of XSS or even the CVE name.
May 4, 2022   |  By Detectify
When Algolia’s security program manager Regina Bluman ran a Twitter poll to see how many people within the security industry understood the concept of EASM, she didn’t expect that the term is far from being on an IT security team’s radar. Moreover, most were not even aware of it.
Apr 29, 2022   |  By Detectify
The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online but knowing to what extent assets are exposed. Users can now toggle the view of their attack surface by active and inactive assets. When toggled on, users will see all active assets present on their attack surface in the last 14 calendar days making it easier to discern what may no longer be on the attack surface.
May 18, 2022   |  By Detectify
Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
May 18, 2022   |  By Detectify
This question still triggers some interesting discussions among security professionals. Does the perimeter still exist, or has it become impossible to outline due to the immense asset list and expansion of an organization’s attack surface? Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
May 18, 2022   |  By Detectify
What are organizations doing wrong when it comes to security? While today’s code-quality security is good, the sharing between each domain or principle is lacking, such as using infrastructure as code. Some people have become lazy, using other people’s templates and sometimes without knowing the security details. There is no technical depth (the rule now is; if it works, it works). Security metrics are valued by the exploitation that happens. We learn by being hacked, and that is not how it should work.
May 18, 2022   |  By Detectify
Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.
Jan 21, 2022   |  By Detectify
Hacking yourself is the only way to protect your attack surface Explore the full breadth and depth of your external attack surface with Detectify. Find out what Internet-facing assets you're exposing, how to fix their vulnerabilities and anomalies, and accurate guidance on what you should improve and prioritize first.
Dec 22, 2021   |  By Detectify
A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia
Aug 4, 2021   |  By Detectify
Our security researchers happen to be talented bug bounty hunters as well as the brains behind of Detectify's efforts to develop a leading-edge API security scanner. Why is developing a reliable API security tool so challenging? It's because every API is different, which means it’s challenging to have a standardized approach to security testing on APIs. Almroth states that the team will focus on developing an API security scanner that focuses on server-side vulnerabilities. Both share that this is going to use fuzzing techniques.
Aug 2, 2021   |  By Detectify
Yes the rumors are true, the teams at Detectify are working hard at researching and developing security testing for APIs. Senior security researchers, Tom Hudson and Fredrik Nordberg Almroth answer questions about API security. Just like web apps, APIs can’t be secured with rule-based automated scanners - they need context! That’s why we are developing our fuzzing engine to cover public-facing APIs and test them like a hacker would.
Feb 18, 2021   |  By Detectify
Unleash the power of ethical hacker knowledge - straight into your security workflows.
Jul 3, 2020   |  By Detectify
There are many paths you can take to become a security professional. In this episode, host Laura Kankaala talks with Tom Hudson (aka @TomNomNom) about his learning journey with computers and hacking which began with him taking it all apart. Tom’s tinkering obsession introduced him to the world of hacking and bug bounty competitions. Besides chasing bugs, Tom is also passionate about passing on knowledge through his particular teaching style, and he discusses some of the common struggles of people who are just getting started with security, but also what are the kinds of questions are the good questions to ask along the way.

Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments. Detectify’s simple to use interface, integrations with popular developer tools, team functionality, and informative reports simplify security and allow you to integrate it into your workflow.

We work with some of the best white hat hackers in the world through our Detectify Crowdsource platform and our internal security research team to continually build more security tests into our tool. We now scan for over 1000+ known vulnerabilities.

What makes us unique:

  • White hat hackers: Detectify was built by renowned white hat hackers, who have legally hacked companies like Google, Facebook and PayPal. In 2016, we launched Detectify Crowdsource, a global network of 150+ handpicked ethical hackers that continously report their latest findings to us. In the last year, we received 450+ submissions that generated nearly 40 000 findings amongst our users.
  • Usability: The Detectify experience is designed to be easy, fun and accessible. The goal to simplify security has shaped Detectify’s UI, making it both intuitive and easily adjusted to your needs. This is why Detectify seamlessly integrates into the development process and offers integrations with all popular developer tools.
  • Educational: Detectify offers team functionality so that users can easily share reports within their team and/or with clients. Most findings have links to resources where you can read up on the vulnerability and learn how to fix it. You will have access to more than 100 guides, attack demo videos, quizzes etc, which will quickly increase the security awareness in your organisation.

Go Hack Yourself or someone else will.