Introducing Dynamic API Scanning
Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …
Victor Arellano
AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch.
To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.
Recently, we added a new capability to Attack Surface Custom Policies that allows you to set custom policies on technologies across your attack surface. With this update, you can assign a severity rating to a custom policy.
Your vulnerability management system likely uses a rating system, often following the INFORMATION, LOW, MEDIUM, HIGH, and CRITICAL model. You probably have a set of actions to take when a vulnerability receives a given severity rating, which helps your team prioritize the threat. By introducing severity ratings to policies, you can ensure policy breaches are remediated according to your existing workflows.
We will publish more information on recommendations for severity based on your unique risk context in a later update.
We’ve made several improvements since launching Attack Surface Custom Policies earlier this year. As mentioned above, one of these improvements now makes it possible to spot risks due to technologies discovered across your attack surface. This new functionality will help security teams with several jobs they need to get done.
Whether you are going through a modernization process or just consolidating your tech, Attack Surface Custom Policies will now be able to accelerate that process by automating the discovery of technologies that you no longer want used in your organization. You can read about other use cases here.
Log in to get an overview of what is exposed on your attack surface. If you’re not using Detectify, consider trying it out by signing up today.