The API vulnerabilities nobody talks about: excessive data exposure
TLDR: Excessive Data Exposure (leaking internal data via API responses) is the silent, pervasive threat that is more dangerous than single dramatic flaws like SQL …
Best Practices
Cybersecurity best practices including how to guides, security awareness and other practical guidance for AppSec and ProdSec teams.
Migrating Critical Messaging from Self-Hosted RabbitMQ to Amazon MQ
TLDR: We successfully migrated our core RabbitMQ messaging infrastructure from a self-hosted cluster on EKS to managed Amazon MQ to eliminate the significant operational burden …
Why API security is different (and why it matters)
Two months since I joined Detectify and I’ve realized something: API security is a completely different game from web application security. And honestly? I think …
EU Regulating InfoSec: How Detectify helps achieving NIS 2 and DORA compliance
**Disclaimer: The content of this blog post is for general information purposes only and is not legal advice. We are very passionate about cybersecurity rules and …
A practitioner’s guide to classifying every asset in your attack surface
TLDR: This article details methods and tools (from DNS records and IP addresses to HTTP analysis and HTML content) that practitioners can use to classify …
DNS is the center of the modern attack surface – are you protecting all levels?
If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very …
Making security a business value enabler, not a gatekeeper
The traditional perception of security within an organization is as a barrier rather than a facilitator, imposing approval processes and regulations that inevitably slow down …
How to Prevent a Subdomain Takeover in Your Organization
When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while …