Coming hot off our successful funding round of €21.5 million in November 2019, we had no plans of stopping – only speeding up in 2020! In April, Detectify transitioned to a remote-first work policy, but that didn’t hinder our incredible tech teams from developing great things. Let’s take a look!
Over 24 million findings detected this year
This one’s for the stats-lovers. Detectify performed over 475,000 scans in 2020 and the entire testbed detected over 24 million findings of vulnerabilities and technology fingerprints in end-users’ web apps this year. As we continue to grow our hacker community, tech org and customer base, we are starting to see the power of the crowd and how scalability benefits the security of the crowd!
Deploying security tests in 25 minutes
Detectify Crowdsource continued to raise the bar for web application security in 2020. Our community of ethical hackers now has over 250 members spanning the globe, and the impact is clear: crowdsourced research generated 65,000 unique hits from the 650+ new security tests built in 2020. We’ve also hit records in implementation timing, submission count and number of 0-days.
We can confidently say we’ve scaled up and sped up security research for our hacker community and customers this year. The average time it took to build modules for high severity security vulnerabilities? Just 25 minutes – for you productivity junkies, that’s a pomodoro!
Image: 6 reasons for us to celebrate Detectify Crowdsource
Continuous improvements including a new look and integrations
In 2020 we ramped up the Tech department significantly to evolve the user experience of Detectify in many ways. Besides a new user interface and navigation, we have also added a few product features to make Asset Monitoring more powerful, including DOM-based XSS support and UI improvements to the findings page, onboarding flow, and detailed technologies page.
The most notable change was the improvements to Integrations. Thanks to many customer interviews, we gave the integrations for Slack and JIRA a fresh new look.
Image: a fresh Detectify UI
We also upgraded the hacker experience
Behind the scenes, the Crowdsource community got UI improvements and new features including a guaranteed payouts system, a user verification process, as well as a new leaderboard and module submission form! Learn more about the ethical hacker community that’s not your average bug bounty platform, and read the FAQs.
We embraced virtual events 27+ times
We embraced virtual conferences and the Zoom boom, participating in 27+ events this year. Detectify security experts were active on webinars and podcasts as we were invited to speak at various events, and you can catch some of the talks here:
- Johanna Ydergård, VP of Crowdsource, on Saastr Annual
- Rickard Carlsson, CEO, on Application Security Weekly
- Tom Hudson, Security Research Team Lead, guest speaker with Grammarly
Undetected – a web security podcast launched
Image: Behind the scenes of producing Undetected – a web security podcast
We, like many others, started a podcast. The full season is now up and ready for streaming on Spotify, Apple, Google or wherever you like to listen in. The show takes you to different depths of web security, interviewing experts to get their unique insights on the security matters of today. Some episodes to point out include “Bug Bounties – Are They Just a Buzzword?” and “A Lawyer’s take on Hacking”.
We believe in this team, and promoted 18 individuals to leadership roles
Detectify continues to grow and our internal statistics show this. In fact, we grew our humble Detectify family with 66 new teammates, and promoted 18 individuals into manager and team lead roles. This brings our company employee count to 132.
Our gender diversity is now 58% male and 42% female, and 19 of our 21 teams have both women and men. We are still working hard to get women onto the last 2 teams without one!
Common nginx misconfigurations
The Crowdsource product and research team at Detectify is growing, and it shows. Our Detectify Security Research team is closing off a great year with awesome research, including the write-up on common Nginx misconfigurations that leave your web server open to attack. This is a starting point for more to come on Nginx, so watch this space!
Web Cache attacks and request smuggling
Awareness of web cache attack vectors and other web browser vulnerabilities has grown in the security space thanks to the research of James Kettle. Our security experts continue to keep their finger on the pulse of security, and we’ve got you covered with helpful blogs explaining them: Web Cache Poisoning, Web Cache Entanglement, and HTTP request smuggling.
Achieved ISO 27001 certification – yes, even SaaS can do it!
In July 2020, Detectify was officially certified for the internationally recognized ISO/IEC 27001:2013 information security standard. This was an intense process that required everyone at Detectify to buy in and commit to the information security practices expected by each one of our customers. To help achieve this feat, we created a Security Champions committee to build and encourage security awareness and best practices throughout the organization.