Introducing GraphQL Support for API Scanning
Detectify’s new GraphQL API Scanning uses hacker-led research to provide highly accurate (99.7%), payload-based security testing. It identifies complex vulnerabilities, helping enterprises meet PCI DSS …
State of your attack surface, improved user permissions, and many new tests
Victor Arellano
TL/DR: We’ve launched a new filter to simplify how you assess the state of your attack surface and made a few other updates to our products.
Easily assess the state of your attack surface
The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online, but knowing to what extent assets are exposed on their attack surface.
Previously, it wasn’t possible to filter the attack surface view by state (you can read more about state here). This limitation made it difficult to assess some Internet-facing assets, such as those that were resolving DNS records with no reachable IPs. Now Surface Monitoring users can filter their attack surface by surface state.
Improvements to Surface Monitoring and Application Scanning:
- Permission settings for Application Scanning users. Previously, admins could do all, and editors could start/stop scans but not schedule, edit, delete, create scans. Now admins and editors can do all these things.
- Tweaking filters on the vulnerabilities view. Users are now presented with the “severity” and “root asset” filters upon visiting the vulnerabilities view. All other filters will be accessible by selecting the “Show more filters” icon.
Recently added crowdsourced vulnerabilities
Here is a list of all new medium, high, and critical severity modules added in the recent days from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
- CVE-2021-23394: elFinder Potential RCE
- CVE-2021-2400: Oracle EBS XXE
- CVE-2021-31805: Apache Struts2 RCE
- CVE-2021-40822: Geoserver SSRF
- CVE-2022-24288: Apache Airflow RCE
- CVE-2022-25568: MotionEye Configuration File Leakage
- CVE-2022-26134: Atlassian Confluence RCE via OGNL Template Injection
- CVE-2022-26960: elFinder Path Traversal
- Guacamole Default Credential
Login to get an overview of what is exposed on your attack surface.
Join our team
We’re hiring engineers, product managers, sales, & more! Learn more.
Check out more content
Introducing IP Range Scanning: continuous Surface Monitoring for your entire network
Most organizations share a common, uncomfortable secret: they can’t answer basic questions about what is actually exposed on their IP ranges. As companies grow, whether …
