
A web security blog from Detectify

Quickly access insights about apex domains on the attack surface

Victor Arellano / August 3, 2022

TL;DR: Customers can now drill down into a specific apex domain by clicking it on the Root Assets page and see the critical insights about the assets under it.

Access all domains for apex domains in a single click 

In a previous update, we highlighted the improved navigation to the attack surface. That navigation lets Surface Monitoring users quickly reach critical information about their exposed assets, such as the state of the attack surface, their DNS footprint, and open ports.

When a user opens the attack surface, they can view their root assets (often the apex domains) via the Root Assets tab, which lists every apex domain that Surface Monitoring can cover. Now, when a user selects an apex domain from the Root Assets tab, they are taken directly to a view of all subdomains connected to that domain, showing which of them are currently active.

Easily create a scan profile from the attack surface

The Surface Management view gives Surface Monitoring users critical information about their expanding attack surface in a single place. To secure a newly discovered website, the first action should always be to create a scan profile for it and run an Application Scan. Now, users can add a scan profile to any domain directly from the attack surface view, as well as from an asset's details page.

Recently added crowdsourced vulnerabilities

Here is a list of all new medium, high, and critical severity modules added in recent days from our community of ethical hackers. You can find a complete list of the new vulnerabilities added to Surface Monitoring and Application Scanning in the “What’s New?” section in-tool.

  • Nginx ngx-cache-purge Cache XSS
  • CVE-2022-33891: Apache Spark RCE
  • ThinkPHP Local File Inclusion
  • Geoserver Default Credentials
  • CVE-2022-29298: SolarView Compact 6.00 Directory Traversal
  • CVE-2022-26138: Atlassian Confluence App “Questions for Confluence” Hardcoded Password

Log in to get an overview of what is exposed on your attack surface.
