Detectify - Attack Surface Management

Summary

Detectify automatically scans custom-built apps, finds business-critical security vulnerabilities, and strengthens your web app security with Application Scanning.

What is Detectify?

Surface Monitoring strengthens the security of your applications' Internet-facing subdomains and detects exposed files, vulnerabilities, and misconfigurations continuously.

Detectify Scan Result

Crowdsource

Crowdsource is our community of 350+ elite ethical hackers whose newest research is built into Detectify's products daily, in as fast as 15 minutes! Crowdsource researchers have submitted over 1,765 modules, and nearly 240,000 vulnerabilities have been found in Detectify customer assets.

Application Scanning Features

Crawling is an essential part of Application Scanning. It helps explore your website by navigating through the different pages and states, indexing them, and gathering data that serves as input for running tests that produce your findings.

Our updated crawler gathers extensive crawling data, enabling Application Scanning to increase vulnerability findings. It has robust support for modern web technology, allowing it to crawl more sites so that a larger customer base can benefit from Application Scanning. To enable the updated crawler, toggle on “Crawling experiments” in Beta features.

Fuzz Testing is a security testing technique that feeds a software system input data manipulated with special or even random values (the "fuzz") in order to discover coding errors and security loopholes.

To enable a DAST scanner to behave like an automated hacker, our team fundamentally upgraded the way we do fuzzing, making it more creative in finding various vulnerabilities. The new fuzzing engine allows us to explore new areas and detect new security-related bugs or other unexpected behaviours.

Instead of static testing, in which a scanner only checks for expected responses, the new fuzzer performs more exploratory testing to locate those more innovative and business-critical security vulnerabilities faster than before.
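The passage above contrasts checking for one expected response with exploratory fuzzing. The harness below is an added example, not Detectify's fuzzing engine: special and seeded-random values are fed to a constructed toy parser (`parse_quantity`, which is hypothetical), and an oracle records anything the parser did not anticipate (an exception class it was never designed to raise, or a result outside a sane range) rather than asserting a single known answer.

```python
"""Added example, not Detectify's fuzzing engine: the minimal shape of a fuzz
harness as the text describes it. Special and random values are fed to a
component, and an oracle flags behaviour that is merely unexpected (a crash
class the code never anticipated, an out-of-range result) rather than checking
for one expected response. The target parse_quantity is a constructed toy."""
import random
import string


def parse_quantity(raw):
    """Hypothetical order-quantity parser: it trusts str.strip() and int() and
    never checks the range, which is the kind of coding error fuzzing surfaces."""
    return int(raw.strip())


# Hand-picked "special" values: empty, signs, digits from other scripts,
# an embedded NUL, absurd length, and non-string types reaching the parser.
SPECIAL_VALUES = [
    "", " ", "0", "-1", "+5", "1_000", "1e3", "0x10", "NaN",
    "\u0663",            # Arabic-Indic digit three: int() accepts it
    "1\x002",            # embedded NUL byte
    "9" * 100,           # far beyond any sane quantity
    None, [1], 3.5,      # wrong types that a caller might pass through
]


def random_input(rng, length=8):
    """Random printable text with a few awkward code points mixed in."""
    alphabet = string.printable + "\x00\u202e\u0663"
    return "".join(rng.choice(alphabet) for _ in range(length))


def fuzz(target, seed=1, iterations=200, max_quantity=10_000):
    """Run target on special + random inputs; return {finding_kind: [inputs]}."""
    rng = random.Random(seed)  # seeded so any finding can be reproduced
    findings = {}
    inputs = SPECIAL_VALUES + [random_input(rng) for _ in range(iterations)]
    for inp in inputs:
        try:
            result = target(inp)
        except ValueError:
            continue  # the one rejection the parser is designed to raise
        except Exception as exc:  # anything else is an unanticipated failure
            findings.setdefault(type(exc).__name__, []).append(inp)
            continue
        # Oracle: a quantity must be positive and bounded.
        if not 0 < result <= max_quantity:
            findings.setdefault("out_of_range", []).append(inp)
    return findings


if __name__ == "__main__":
    for kind, inputs in fuzz(parse_quantity).items():
        print(f"{kind}: {inputs[:5]!r}")
```

The oracle is the part worth thinking about: a scanner that only compares against an expected response would never notice that `-1` and a 100-digit string are accepted as quantities, or that a non-string input crashes the parser with an `AttributeError` it never planned for. Seeding the random generator keeps every run reproducible, which matters when a finding has to be handed to a developer.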

Authenticated testing

Most web applications have areas that everyone can access and areas that are only accessible to users with an account. Examples include:

  • Users logged in to an e-commerce site
  • A forum
  • A protected development
  • A pre-production environment

A user often has access to more functionality when logged in, including posting comments on a forum, uploading pictures to their profile, or completing a purchase.

A comprehensive security evaluation of any web application needs to be able to test areas behind a login. Detectify offers three options for scanning behind login: recorded login, basic authentication, and session cookies.

When we are able to perform authenticated testing, we find more vulnerabilities, because the scanner can reach the functionality that different users can access.
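The three "behind login" options named above differ only in how the scanner obtains the credentials it attaches to each request. The code below is an added example, not Detectify's implementation: a constructed in-memory application with one public path and one protected area, and a scanner class that can be configured for recorded login (replaying a login step and keeping the cookie it returns), HTTP basic authentication, or a session cookie supplied up front. Every path, user name, password and cookie value is made up for the demo.

```python
"""Added example, not Detectify's code: how a scanner attaches credentials in the
three 'scanning behind login' modes named in the text (recorded login, basic
authentication, session cookies), against a constructed in-memory application.
Every path, user name, password and cookie value here is made up for the demo."""
import base64
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str = ""
    set_cookie: Optional[str] = None


class MockApp:
    """Constructed target: /public is open, everything under /account needs a valid
    session cookie or HTTP basic credentials; POST /login issues a session cookie."""

    USER, PASSWORD = "scanner", "demo-password"

    def __init__(self):
        # One session a tester already created in a browser (used by cookie mode).
        self.sessions = {"browser-session-demo"}

    def handle(self, req: Request) -> Response:
        if req.path == "/public":
            return Response(200, "welcome")
        if req.path == "/login" and req.method == "POST":
            if (req.form.get("user"), req.form.get("password")) == (self.USER, self.PASSWORD):
                sid = f"sid-{len(self.sessions) + 1:04d}"
                self.sessions.add(sid)
                return Response(302, set_cookie=f"session={sid}")
            return Response(401, "bad credentials")
        if req.path.startswith("/account"):
            return Response(200, "orders, profile upload") if self._authorized(req) else Response(401)
        return Response(404)

    def _authorized(self, req: Request) -> bool:
        for part in req.headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "session" and value in self.sessions:
                return True
        auth = req.headers.get("Authorization", "")
        if auth.startswith("Basic "):
            try:
                user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
            except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
                return False
            return (user, password) == (self.USER, self.PASSWORD)
        return False


class Scanner:
    """Scanner-side view: pick one auth mode, then crawl with the resulting headers."""

    def __init__(self, app: MockApp, auth: Optional[dict] = None):
        self.app = app
        self.headers: dict = {}
        mode = (auth or {}).get("mode", "none")
        if mode == "basic":
            token = base64.b64encode(f"{auth['user']}:{auth['password']}".encode()).decode()
            self.headers["Authorization"] = f"Basic {token}"
        elif mode == "cookie":
            self.headers["Cookie"] = auth["cookie"]
        elif mode == "recorded":
            # Replay the recorded login steps and keep whatever cookie the app hands back.
            for step in auth["steps"]:
                resp = self.app.handle(
                    Request(step["method"], step["path"], dict(self.headers), step.get("form", {}))
                )
                if resp.set_cookie:
                    self.headers["Cookie"] = resp.set_cookie

    def fetch(self, path: str) -> Response:
        return self.app.handle(Request("GET", path, dict(self.headers)))

    def login_verified(self, probe_path: str) -> bool:
        """Confirm before scanning that the session really works; otherwise the scan
        silently degrades to unauthenticated coverage and under-reports."""
        return self.fetch(probe_path).status == 200

    def crawl(self, paths) -> dict:
        """Map each path to its status code; 401 means the area stayed out of reach."""
        return {p: self.fetch(p).status for p in paths}
```

The `login_verified` probe is the practitioner's check: a recorded login with a stale password, or an expired session cookie, does not fail loudly. The crawl simply returns the unauthenticated surface again, and the report looks clean for areas that were never tested. Verifying one protected path before the scan starts turns that silent gap into a visible configuration error.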

The Detectify crawler can:

  • Cover pages rendered by JavaScript
  • Detect and collect dynamic pages much better than a regular crawler
  • Gather more extensive crawling data for more in-depth results
