Search Go hack yourself with Detectify
×

A web security blog from Detectify

State of your attack surface, improved user permissions, and many new tests

June 30, 2022

TL/DR: We’ve launched a new filter to simplify how you assess the state of your attack surface and made a few other updates to our products.

Easily assess the state of your attack surface

The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online, but knowing to what extent assets are exposed on their attack surface.

Previously, it wasn’t possible to filter the attack surface view by state (you can read more about state here). This limitation made it difficult to assess some Internet-facing assets, such as those that were resolving DNS records with no reachable IPs. Now Surface Monitoring users can filter their attack surface by surface state.

Improvements to Surface Monitoring and Application Scanning:

  • Permission settings for Application Scanning users. Previously, admins could do all, and editors could start/stop scans but not schedule, edit, delete, create scans. Now admins and editors can do all these things.
  • Tweaking filters on the vulnerabilities view. Users are now presented with the “severity” and “root asset” filters upon visiting the vulnerabilities view. All other filters will be accessible by selecting the “Show more filters” icon.

Recently added crowdsourced vulnerabilities

Here is a list of all new medium, high, and critical severity modules added in the recent days from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.

  • CVE-2021-23394: elFinder Potential RCE
  • CVE-2021-2400: Oracle EBS XXE
  • CVE-2021-31805: Apache Struts2 RCE
  • CVE-2021-40822: Geoserver SSRF
  • CVE-2022-24288: Apache Airflow RCE
  • CVE-2022-25568: MotionEye Configuration File Leakage
  • CVE-2022-26134: Atlassian Confluence RCE via OGNL Template Injection
  • CVE-2022-26960: elFinder Path Traversal
  • Guacamole Default Credential

Login to get an overview of what is exposed on your attack surface. 

Join our team

We’re hiring engineers, product managers, sales, & more! Learn more.