Search What is Detectify?
×

Detectify's Year in Review 2016

December 14, 2016

Just in time for this year to end, we have summarized the highlights of our 2016. Here’s a recap of the last 12 months and what has happened at Detectify.

+30 events

Name any security conference, and the chances that we were there are pretty high! 2016 truly was the year of events. We managed to participate as speakers in +30 events – everything from breakfast seminars, meetups to keynote talks at huge international conferences like Deepsec, Code Europe, Sikkerhetssymposiet and The Next Web.
Here’s a talk by our security advisor Frans Rosén from The Next Web in Amsterdam. 

Here’s the panel discussion from Slush where Detectify’s Frans Rosén shared his white hat hacker experiences and encouraged startups to focus on security (… and eat more lasagna). 

Our talk “The smörgåsbord of web app hacking” at the Swedish developer conference Nordic.js was a success!

Released a new crawler

The crawler is the heart of the Detectify service, and therefore it deserves a lot of love and thorough work from our top developers. In September this year, we released a brand new crawler that enabled smarter scans and more relevant findings. Want to know more about our Crawler 2.0? Read this blog post and make sure to run a scan and make the crawler earn its living!

New team members

2016 was the year when Detectify really grew as a company. We hired new people in both sales, tech, security and marketing. We now have an awesome range of nationalities (Italian, Macedonian, American, Romanian, Slovenian, Swedish etc) and ages (from 17-year old Linus to our CIO Johan, whom we internally call ‘Gandalf’, because of his wisdom).

Want to know more about the people behind Detectify? Read up on our team members on our Meet the team series!

Parts of our awesome team

Released a OWASP Top 10 view

One of our favorite releases this year included a brand new OWASP view from where you can get a quick and easy overview whether your site passes or fails OWASP Top 10 tests (the most common and severe vulnerabilities).

We also published a well-read blog series on OWASP Top 10, in case you’re curious about a specific OWASP category and want to learn more.

Welcome as clients Trello, Pipedrive and many more!

We have gotten a bunch of new customers that are not only awesome because of their services but because of their security-first mindset. Thank you for using Detectify to secure your websites with automation. Want to know more about our customers? Read up on our testimonials here.

Worldwide press coverage on our security write-ups

Our security research was on numerous occasions picked up by leading tech sites such as Mashable, The Next Web, Observer and Computerworld. Here’s a few examples of the stories and writeups that made a splash in international media:

Thank you for helping us sharing security knowledge and making the internet a safer place!

New integrations

We aim for Detectify to become a standard developer tool, and we know there’s no way we can achieve that unless we integrate with developers’ favorite tools and products. So, during the year we have released several new integrations – one of the most anticipated ones being the JIRA integration!

Have any suggestions on integrations you’d like to see in the future? Drop us an email! 

We teamed up with the world’s best white hat hackers

We believe in the power of the crowd, which is why we extended our team of security experts with a crowdsourced bug bounty platform; Detectify Crowdsource. This allows us to bring in independent security researchers from all over the world that will help us ensure that Detectify remains the most up-to-date and thorough security service for web applications

Want to know more about how Detectify Crowdsource works? Watch this video interview with our CEO Rickard Carlsson and Security Expert and Detectify Co-Founder Fredrik Almroth Nordberg

Detectify on WIRED’s list of Europe’s hottest startups

To our great surprise, we were listed as one of Europe’s hottest startups by Wired UK. Awesome news! Thanks to WIRED and congratulations to the other startups that were listed!

…but that wasn’t the only nomination we received

Our developer Natasha Lazarova was listed on TechWorld’s list of Sweden’s 50 best developers and our security researcher Jonatan Haltorp was nominated for Security Awards in Sweden. What a team we have!

E-commerce security as our focus

As the holiday shopping season approached, we dug into e-commerce security and did an extensive blog series on e-commerce security. Our research on the use of HTTPS in Swedish online stores got us invited to national TV program Nyhetsmorgon.  

Detectify’s Frans Rosén shared some online shopping security tips on Nyhetsmorgon!

Friday team breakfasts

Every other Friday means team breakfast around the ping pong table! These have been a highlight throughout the year and something we look forward to bringing into the new year.

Hosted a hippie festival with our office-coworkers

Our epic location next to the water at Långholmen, Stockholm was well suited for a hippie festival. We joined forces with our office co-workers at Ding, Shipwallet, Young/Skilled and The T-shirt store and hosted an unforgettable hippie festival named Mälarstock, hopefully one of many to come!

Launched partnerships with Basefarm and Office IT Partner

We have signed collaboration deals with Office IT Partner, Swedish IT service firm, and Basefarm, a leading service provider of applications, this year. Their customers will now be able to security test their websites in order to identify and fix potential vulnerabilities with the help of Detectify – alles gut, right?! We also kicked off our collaborations with (you guessed it), a fully packed breakfast seminar with Basefarm and a talk at Office IT Partner’s internal conference.

Our Go Hack Yourself-stickers are taking over the world

We love getting updates on how our users and followers use our tagline stickers. Keep sharing!

20 newsletters

We’ve sent over 20 newsletters about the latest security news. Although you seem to like our content, we’d love to know more about what you want us to cover next year. Drop us an email with your content requests on hello [at] detectify.com

Guest​ ​blogging​ ​FTW

During​ ​the​ ​year,​ ​our​ ​team​ ​members​ ​guest​ ​blogged​ ​for​ ​sites​ ​such​ ​as​ ​BugCrowd​ ​and​ ​Internetworld.​ ​We  shared​ ​our​ ​best​ ​tips​ ​on​ ​everything​ ​from​ ​using​ ​a​ ​Braun​ ​Shaver​ ​to​ ​bypass​ ​XSS​ ​audit​ ​to​ ​working​ ​with​ ​data​ ​in  the​ ​most​ ​efficient​ ​way.​ ​

We​ ​also​ ​got​ ​some​ ​awesome​ ​guest​ ​blogs​ ​on​ ​our​ ​own security​ ​blogs.​ ​Check​ ​out​ ​popular posts​ ​like:

The service desk as an attack vector by @emalstm
Tips for running an onion by @dotchloe 

Our data scientist Andrea guest blogged for Internetworld earlier this year!

Speaking of our very own Mr Data, he has summarized Detectify’s numbers for 2016

Top 3 scan-busy days of the year

2016-10-06
2016-09-15
2016-09-22

Top 5 most found vulnerabilities (Critical, CVSS>6.0)

Cross Site Scripting (XSS)
Login Cross Site Request Forgery (CSRF/XSRF)
SQL Injection
Blind SQL Injection
Local File Inclusion (LFI)

Top 5 most found vulnerabilities (Medium, 3.0<CVSS<=6.0)

Cross Site Request Forgery (CSRF/XSRF)
External Links using target=’_blank’
Full Path Disclosure
Cookie is not set to be HttpOnly
HTTPS Stripping

Top 5 most found vulnerabilities (Low, 0<CVSS<=3.0)

Invalid HTML Content
Empty Document
Metadata Information Leakage
Technology Disclosure
Operating System Disclosure

Curious to find out if your website has any of the security issues listed above? 

Run a Detectify security scan

That’s all from us, we look forward to seeing what the upcoming year holds in store! Happy Holidays!