New API testing category now available
Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests …
State of your attack surface, improved user permissions, and many new tests
Victor Arellano
TL/DR: We’ve launched a new filter to simplify how you assess the state of your attack surface and made a few other updates to our products.
Easily assess the state of your attack surface
The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online, but knowing to what extent assets are exposed on their attack surface.
Previously, it wasn’t possible to filter the attack surface view by state (you can read more about state here). This limitation made it difficult to assess some Internet-facing assets, such as those that were resolving DNS records with no reachable IPs. Now Surface Monitoring users can filter their attack surface by surface state.
Improvements to Surface Monitoring and Application Scanning:
- Permission settings for Application Scanning users. Previously, admins could do all, and editors could start/stop scans but not schedule, edit, delete, create scans. Now admins and editors can do all these things.
- Tweaking filters on the vulnerabilities view. Users are now presented with the “severity” and “root asset” filters upon visiting the vulnerabilities view. All other filters will be accessible by selecting the “Show more filters” icon.
Recently added crowdsourced vulnerabilities
Here is a list of all new medium, high, and critical severity modules added in the recent days from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
- CVE-2021-23394: elFinder Potential RCE
- CVE-2021-2400: Oracle EBS XXE
- CVE-2021-31805: Apache Struts2 RCE
- CVE-2021-40822: Geoserver SSRF
- CVE-2022-24288: Apache Airflow RCE
- CVE-2022-25568: MotionEye Configuration File Leakage
- CVE-2022-26134: Atlassian Confluence RCE via OGNL Template Injection
- CVE-2022-26960: elFinder Path Traversal
- Guacamole Default Credential
Login to get an overview of what is exposed on your attack surface.
Join our team
We’re hiring engineers, product managers, sales, & more! Learn more.
Check out more content
Product update: Dynamic API Scanning, Recommendations & Classifications, and more
We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …
