
A web security blog from Detectify

Performance improvements, snappier ports, and spring cleaning

May 24, 2022

TL;DR: Spring is in the air, so we’ve been hard at work the last two weeks kicking off the development of new product features and doing some timely spring cleaning.

Get reacquainted with our Vulnerabilities page

The vulnerabilities page allows you to see all findings across your attack surface. This includes simple filters that let you specify what you want to focus on, including the level of severity, which domains you want to look at, and whether it was found in the past week or the past month.

Top tips:

  • Filter by vulnerability title. Filter findings by title, such as a specific type of XSS, or even by CVE name. This lets you prioritize certain types of vulnerabilities and remediate them quickly alongside your development teams.
  • Bulk actions. We’ve now made it possible to take bulk actions on up to 500 vulnerabilities at a time. This means you can easily change the status of large volumes of vulnerabilities, for example to “fixed” or “accepted risk.”
  • Get to know our API. With our REST API, you can easily access information from the Vulnerabilities page. Check out our API documentation here: https://developer.detectify.com/.

Performance improvements

  • Vulnerabilities as the primary landing page. The Vulnerabilities page gathers and displays all findings from both Surface Monitoring and Application Scanning in one place. From now on, you will land on the Vulnerabilities page upon login instead of the Dashboard. The Dashboard will be removed in a few weeks.
  • Consolidation of Surface Monitoring settings on the Root Assets page. We have now removed the Surface Monitoring settings from the Scanning Settings tab in the menu in order to consolidate all Surface Monitoring settings in one place and to allow the Scanning Settings to evolve into a place with more focus on Application Scanning.
  • Snappier attack surface for customers with many open ports. Previously, customers with many open ports experienced a slower load time. We’ve made some internal improvements to ensure loading open ports is quicker.

Recently added crowdsourced vulnerabilities

Here is a list of all new medium, high, and critical severity modules added in recent days from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in the tool.

  • CVE-2022-1388: F5 Big-IP iControl REST RCE
  • CVE-2022-0288: Ad Inserter < 2.7.10 – Reflected Cross-Site Scripting
  • CVE-2022-29548: WSO2 Management Console XSS
  • CVE-2021-35587: Oracle Access Manager RCE
  • CVE-2022-30525: Zyxel Firewall Unauthenticated RCE

Log in to get an overview of what is exposed on your attack surface.
