Why API security is different (and why it matters)
Two months since I joined Detectify and I’ve realized something: API security is a completely different game from web application security. And honestly? I think …
Best Practices
Cybersecurity best practices including how to guides, security awareness and other practical guidance for AppSec and ProdSec teams.
EU Regulating InfoSec: How Detectify helps achieving NIS 2 and DORA compliance
**Disclaimer: The content of this blog post is for general information purposes only and is not legal advice. We are very passionate about cybersecurity rules and …
A practitioner’s guide to classifying every asset in your attack surface
TLDR: This article details methods and tools (from DNS records and IP addresses to HTTP analysis and HTML content) that practitioners can use to classify …
DNS is the center of the modern attack surface – are you protecting all levels?
If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very …
Making security a business value enabler, not a gatekeeper
The traditional perception of security within an organization is as a barrier rather than a facilitator, imposing approval processes and regulations that inevitably slow down …
How to Prevent a Subdomain Takeover in Your Organization
When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while …
Job-to-be-Done: Understand what is being continuously tested and monitored across my attack surface
In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface …
Job-to-be-Done: Quickly resolve exposures and vulnerabilities
It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered …