Search Go hack yourself with Detectify

An EASM blog from Detectify

How to scan your attack surface

August 25, 2022

In 2013, a group of ethical hackers started penetration testing to make the Internet a safer place. After hacking companies such as Google, Facebook among others, they realized they could automate their findings to help companies monitor their attack surface and founded Detectify. Fast forward a few years and Detectify’s Crowdsource network boasts of 400+ elite ethical hackers. Its Surface Monitoring and Application Scanning tools are helping thousands of customers manage their attack surfaces and stay miles ahead of attackers. 

The way it works is that crowdsourced research from our community is automated into powering a dynamic web application security (DAST) scanner and our Surface Monitoring tool that continually searches for vulnerabilities in our customers’ live and public websites.

In this blog, we will be taking you through how we aim to solve your security woes through our hacker-powered tools. What we are most concerned about at the top level is helping you understand what you’ve publicly exposed to the internet. 

As someone at the helm of security in a company, you must ask yourself: 

  • What could an attacker on the internet go and actually find in your web application? 
  • What vulnerabilities can they find in your attack surface? 
  • How can you get a complete inventory of your unknown assets? 
  • What third-party applications do you use which could bring more risks? 

This is where External Attack Surface Management (EASM) comes in. EASM solutions complement existing capabilities in your security team, such as vulnerability assessment, to continuously discover, prioritize and remediate vulnerabilities and anomalies as they occur in production.

Detectify’s EASM solution is fully customizable as there are multiple ways to set up your security team’s reporting, workflow integrations, and much more. Our API also makes it possible for security teams to get the most out of their EASM solution. With Detectify’s Surface Monitoring enabled on your attack surface, you can easily understand and monitor the vulnerabilities and misconfigurations that live in your web applications. 

Diving into our Surface Monitoring tool 

Surface Monitoring is a continuous monitoring solution that we’ve developed that looks at your entire attack surface and finds misconfigurations – whether these are exposed files, passwords, API keys, DNS misconfigurations, or directory listings. Our test list also includes vulnerabilities outside publically available CVE lists or known libraries. Anything we can find with a single request response solution, is what surface monitoring is focused on. 

First and foremost, you need to understand and organize your root assets or apex domains. For a larger parent company, these could be different brands that you own – these could be entirely different companies or different parts of your web application that live on actually different apex domains. 

Once you’ve added your root assets or apex domains into the tool, we automatically help you understand your attack surface and potential unknown assets you might have exposed. Without starting any scans, we’re able to go through and enumerate the public facing subdomains under these assets. We do this for two main reasons – first, we need to actually understand what’s exposed. The second reason is that our customers might not know that certain assets are publicly facing. In some cases, teams don’t even know that these subdomains existed in the first place. On top of just enumerating these subdomains, what we’re also able to do is help you understand the state of your internet-facing assets or endpoints, the open ports, DNS records. Additionally, because we’re doing this continuously, we can help you understand when this was first seen and when this was last seen.

Taking a 360-degree view of your entire attack surface 

Once you’ve added your assets into the tool and are beginning to understand your public facing attack surface, you can actually start scanning and monitoring the set attack surface. 

The tool shows you the unknown vulnerabilities you have in your assets, where it lives, its threat score and its severity. It also scans and gives you insight into when it was first found and when it was last seen, helping you understand whether it’s a new vulnerability and if there is a patch available. You will easily find vulnerabilities in your container environments and your infrastructure-related software, such as Kubernetes Customization Configuration Exposure.

What can you do when you have a particular endpoint to scan? 

While it’s important to have a macro view of your attack surface, it’s also crucial to dive deep into specific endpoints. We’re talking about vertical depth and how you can use fuzzing and crawling and send payloads to understand the vulnerabilities that lie on that page. This is where Application Scanning comes in. 

You create a scan profile and point it at a particular endpoint that you want to dive deeper into and focus on everything after the dot com. We can find threats like server side request forgery and different types of injections, as we’re sending payloads to actually perform that test. A great representation of the power of the Application Scan is through HTML injection. With this tool you can discover undocumented security vulnerabilities, find SQL injections, vulnerabilities behind authentication, input sanitation problems, and SSL and encryption misconfigurations.

How Surface Monitoring and Application Scanning work together 

Surface monitoring is looking at everything, all at once and Application Scan dives deep into a particular endpoint to look into critical data. You and your team can authenticate and let the scanner log in as an admin user and see what can happen if an attacker gains credentials. Those are the scenarios that the Application Scan coupled with the fuzzer allows you to perform. 

What’s in it for you?

Detectify is the only EASM solution that continuously monitors all Internet-facing assets to spot misconfigurations and business-critical threats. 

Detectify users will start to see new vulnerabilities that wouldn’t have been possible to detect before using an automated app security scanner. You may even find vulnerabilities that you thought were fixed. This allows you to work on things that matter, and save time and resources spent on fixing critical vulnerabilities in your web applications.

Try it yourself. Book a demo or sign up for a 2-week trial and start testing your web apps with Detectify today.