Baking accessibility into our product foundation
TL;DR: Building for everyone, faster. We’re moving from the why to the how. To scale accessibility without losing speed, we’ve overhauled our foundation: A New …
Best Practices
Cybersecurity best practices including how to guides, security awareness and other practical guidance for AppSec and ProdSec teams.
Why inaccessible cybersecurity is a security risk: our path to accessibility
In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good …
The API vulnerabilities nobody talks about: excessive data exposure
TLDR: Excessive Data Exposure (leaking internal data via API responses) is the silent, pervasive threat that is more dangerous than single dramatic flaws like SQL …
Migrating Critical Messaging from Self-Hosted RabbitMQ to Amazon MQ
TLDR: We successfully migrated our core RabbitMQ messaging infrastructure from a self-hosted cluster on EKS to managed Amazon MQ to eliminate the significant operational burden …
Why API security is different (and why it matters)
Two months since I joined Detectify and I’ve realized something: API security is a completely different game from web application security. And honestly? I think …
EU Regulating InfoSec: How Detectify helps achieving NIS 2 and DORA compliance
**Disclaimer: The content of this blog post is for general information purposes only and is not legal advice. We are very passionate about cybersecurity rules and …
A practitioner’s guide to classifying every asset in your attack surface
TLDR: This article details methods and tools (from DNS records and IP addresses to HTTP analysis and HTML content) that practitioners can use to classify …
DNS is the center of the modern attack surface – are you protecting all levels?
If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very …