Just in time for this year to end, we have summarized the highlights of our 2016. Here’s a recap of the last 12 months and what has happened at Detectify.
Name any security conference, and the chances that we were there are pretty high! 2016 truly was the year of events. We managed to participate as speakers in more than 30 events – everything from breakfast seminars and meetups to keynote talks at huge international conferences like Deepsec, Code Europe, Sikkerhetssymposiet and The Next Web.
Here’s a talk by our security advisor Frans Rosén from The Next Web in Amsterdam.
Here’s the panel discussion from Slush where Detectify’s Frans Rosén shared his white hat hacker experiences and encouraged startups to focus on security (… and eat more lasagna).
Our talk “The smörgåsbord of web app hacking” at the Swedish developer conference Nordic.js was a success!
Released a new crawler
The crawler is the heart of the Detectify service, and therefore it deserves a lot of love and thorough work from our top developers. In September this year, we released a brand new crawler that enabled smarter scans and more relevant findings. Want to know more about our Crawler 2.0? Read this blog post and make sure to run a scan and make the crawler earn its living!
New team members
2016 was the year when Detectify really grew as a company. We hired new people in sales, tech, security and marketing. We now have an awesome range of nationalities (Italian, Macedonian, American, Romanian, Slovenian, Swedish etc.) and ages (from 17-year-old Linus to our CIO Johan, whom we internally call ‘Gandalf’ because of his wisdom).
Want to know more about the people behind Detectify? Read up on our team members in our Meet the team series!
Parts of our awesome team
Released an OWASP Top 10 view
One of our favorite releases this year was a brand new OWASP view that gives you a quick and easy overview of whether your site passes or fails OWASP Top 10 tests (the most common and severe vulnerabilities).
We also published a well-read blog series on OWASP Top 10, in case you’re curious about a specific OWASP category and want to learn more.
Welcoming Trello, Pipedrive and many more as clients!
We have gotten a bunch of new customers that are awesome not only because of their services but also because of their security-first mindset. Thank you for using Detectify to secure your websites with automation. Want to know more about our customers? Read up on our testimonials here.
Worldwide press coverage on our security write-ups
Our security research was on numerous occasions picked up by leading tech sites such as Mashable, The Next Web, Observer and Computerworld. Here are a few examples of the stories and writeups that made a splash in international media:
- Misconfigured email servers open the door to spoofed emails from top domains by security researcher Linus Särud
- How I made LastPass give me all your passwords by security researcher Mattias Karlsson
- Slack bot token leakage exposing business critical information by security advisor Frans Rosén
Thank you for helping us share security knowledge and make the internet a safer place!
We aim for Detectify to become a standard developer tool, and we know there’s no way we can achieve that unless we integrate with developers’ favorite tools and products. So, during the year we have released several new integrations – one of the most anticipated ones being the JIRA integration!
Have any suggestions on integrations you’d like to see in the future? Drop us an email!
We teamed up with the world’s best white hat hackers
We believe in the power of the crowd, which is why we extended our team of security experts with a crowdsourced bug bounty platform: Detectify Crowdsource. It allows us to bring in independent security researchers from all over the world who help us ensure that Detectify remains the most up-to-date and thorough security service for web applications.
Want to know more about how Detectify Crowdsource works? Watch this video interview with our CEO Rickard Carlsson and Security Expert and Detectify Co-Founder Fredrik Almroth Nordberg.
Detectify on WIRED’s list of Europe’s hottest startups
To our great surprise, we were listed as one of Europe’s hottest startups by Wired UK. Awesome news! Thanks to WIRED and congratulations to the other startups that were listed!
…but that wasn’t the only nomination we received
Our developer Natasha Lazarova was listed on TechWorld’s list of Sweden’s 50 best developers and our security researcher Jonatan Haltorp was nominated for Security Awards in Sweden. What a team we have!
E-commerce security as our focus
As the holiday shopping season approached, we dug into e-commerce security with an extensive blog series. Our research on the use of HTTPS in Swedish online stores got us invited to the national TV program Nyhetsmorgon.
Friday team breakfasts
Every other Friday means team breakfast around the ping pong table! These have been a highlight throughout the year and something we look forward to bringing into the new year.
Hosted a hippie festival with our office co-workers
Our epic location next to the water at Långholmen, Stockholm was well suited for a hippie festival. We joined forces with our office co-workers at Ding, Shipwallet, Young/Skilled and The T-shirt store and hosted an unforgettable hippie festival named Mälarstock, hopefully one of many to come!
Launched partnerships with Basefarm and Office IT Partner
This year we signed collaboration deals with Office IT Partner, a Swedish IT service firm, and Basefarm, a leading application service provider. Their customers will now be able to security-test their websites in order to identify and fix potential vulnerabilities with the help of Detectify – alles gut, right?! We also kicked off our collaborations with (you guessed it) a fully packed breakfast seminar with Basefarm and a talk at Office IT Partner’s internal conference.
Our Go Hack Yourself stickers are taking over the world
We love getting updates on how our users and followers use our tagline stickers. Keep sharing!
We’ve sent over 20 newsletters about the latest security news. Although you seem to like our content, we’d love to know more about what you want us to cover next year. Drop us an email with your content requests on hello [at] detectify.com
Guest blogging FTW
During the year, our team members guest blogged for sites such as BugCrowd and Internetworld. We shared our best tips on everything from using a Braun shaver to bypass the XSS Auditor to working with data in the most efficient way.
We also got some awesome guest blogs on our own security blogs. Check out popular posts like:
Our data scientist Andrea guest blogged for Internetworld earlier this year!
Speaking of our very own Mr Data, he has summarized Detectify’s numbers for 2016:
Top 3 scan-busy days of the year
Top 5 most found vulnerabilities (Critical, CVSS > 6.0)
- Cross Site Scripting (XSS)
- Login Cross Site Request Forgery (CSRF/XSRF)
- Blind SQL Injection
- Local File Inclusion (LFI)
Top 5 most found vulnerabilities (Medium, 3.0 < CVSS <= 6.0)
- Cross Site Request Forgery (CSRF/XSRF)
- External links using target='_blank'
- Full Path Disclosure
- Cookie is not set to be HttpOnly
Top 5 most found vulnerabilities (Low, 0 < CVSS <= 3.0)
- Invalid HTML Content
- Metadata Information Leakage
- Operating System Disclosure
Curious to find out if your website has any of the security issues listed above?