Infinite payloads? The future of API Testing with dynamic fuzzing
What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …
Quickly access insights about apex domains on the attack surface
Victor Arellano
Customers now have the ability to drill down into specific apex domains by simply clicking one of them from the Root Assets page to see more critical insights about their assets.
In a previous update, we highlighted the improved navigation to the attack surface. Improving the navigation to the attack surface ensures Surface Monitoring users can easily access critical information about their exposed assets, such as attack surface state, their DNS footprint, and open ports.
When a user accesses the attack surface, they have the option to view their root assets (often the apex domains) via the Root Assets tab. The Root Assets tab shows a complete list of apex domains that can be covered by Surface Monitoring. Now, when a user selects an apex domain from the Root assets tab, they are directly shown all subdomains connected to that domain as well as which of these are currently active.
Easily create a scan profile from the attack surface
The Surface Management view gives Surface Monitoring users critical information about their expanding attack surface in a single view. In order to ensure security of newly discovered websites, the first point of action should always be to create a scan profile for it and execute an Application Scan. Now, users can simply add a scan profile to any domain from the attack surface as well as from the details page of an asset.
Recently added crowdsourced vulnerabilities
Here is a list of all new medium, high, and critical severity modules added in the recent days from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
- Nginx ngx-cache-purge Cache XSS
- CVE-2022-33891: Apache Spark RCE
- ThinkPHP Local File Inclusion
- Geoserver Default Credentials
- CVE-2022-29298: SolarView Compact 6.00 Directory Traversal
- CVE-2022-26138: Atlassian Confluence App “Questions for Confluence” Hardcoded Password
Log in to get an overview of what is exposed on your attack surface.
Join our team
We’re hiring engineers, product managers, sales, & more! Learn more.
Check out more content
Introducing Dynamic API Scanning
Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …
