Home / Companies / Detectify / Blog / July 2021

July 2021 Summaries

3 posts from Detectify

Filter
Month: Year:
Post Summaries Back to Blog
Detectify has curated a list of their most popular blog posts on common web vulnerabilities to aid both hackers and defenders in securing web applications, which represent the largest attack surface for modern tech organizations. These vulnerabilities, which extend beyond the OWASP Top 10, include issues like NGINX misconfigurations, server-side request forgery (SSRF), sensitive data exposure, cross-site scripting (XSS), HTTP response splitting, open redirects, CORS misconfigurations, email spoofing, content security policy (CSP) bypassing, HTTP request smuggling, and hostile subdomain takeover. Detectify collaborates with an elite community of ethical hackers, known as Detectify Crowdsource, to provide cutting-edge vulnerability research and mitigation techniques. Their automated scanner offers a safe simulation of hacker payloads, allowing organizations to proactively test their web applications for these vulnerabilities. A 2-week free trial of their service is available to assess the security of web applications against these threats.
Jul 28, 2021 820 words in the original blog post.
Detectify leverages a global community of ethical hackers, known as Crowdsource, to provide continuous updates on high-severity vulnerabilities, including zero-day exploits, which are shared with users before official patches are released. Since June 2020, over 600 vulnerability reports have been submitted by this community, highlighting the most critical Common Vulnerabilities and Exposures (CVEs) found in widely used technologies, such as PHP-FPM with NGINX, GitLab, rConfig, SharePoint Server, and Cisco ASA, each with a high CVSS score indicating their potential threat levels. Detectify emphasizes the importance of crowdsourced, cloud-based, and continuous web security integrated with development processes to effectively manage modern cyber threats, offering weekly security updates and encouraging users to begin vulnerability scans immediately through their platform.
Jul 12, 2021 580 words in the original blog post.
Detectify offers a buyer's guide for scalable application security, emphasizing the need for effective tools that facilitate collaboration and enhance security across organizations. The guide highlights the importance of understanding where vulnerabilities are most likely to occur, starting with production environments, and suggests obtaining a comprehensive inventory of the tech stack to identify shadow IT. It advocates for using modern application security tools, such as bug bounty programs or automated scanners, to anticipate attacks and remediate vulnerabilities before they are exploited. Integration of security alerts into popular development tools is recommended to streamline the process from detection to resolution. The guide encourages a positive security culture with shared responsibility, transparency, and collaboration, including working with ethical hackers. It also outlines success measures for appsec tools, such as reducing the time for vulnerabilities to be detected and fixed, lowering false positives, and minimizing shadow IT risks. Detectify collaborates with an ethical hacker community to provide up-to-date security insights and offers a trial to experience its approach to continuous, efficient application security.
Jul 02, 2021 2,228 words in the original blog post.