Continuous Testing & Monitoring – Blog Detectify


For AppSec and ProdSec teams to stay on top of a growing attack surface, they need to know which parts of it are being continuously monitored and scanned: where, when, what, and how.

This can include, but is not limited to:

  • Easily adding new domains, manually or via asset connectors.
  • Confirming that scans are running as expected.
  • Quickly identifying and fixing problems with scans, including their periodicity and coverage.
  • Seeing which assets are scanned and which test types run against them.
  • Confirming coverage by checking that assets are tested for a specific vulnerability (for example, a given CVE).
  • Finding, and being alerted to, web apps that should be scanned but are not.
  • Highlighting areas of the attack surface where coverage is thin or missing.

Detectify embraces the best of both DAST and EASM

Detectify combines dynamic application security testing with broad attack surface discovery and testing. Every asset is tested within 24 hours for thousands of vulnerability types and exposures, such as subdomain takeovers, open ports, and policy breaches. Users can schedule deeper testing of more complex web applications at a cadence that matches their internal security operations. Every test uses a unique payload, which improves accuracy and reduces the time spent validating vulnerabilities before triaging them for remediation.

Leveraging payload-based testing

Payload-based assessment means that Detectify only reports a vulnerability when the payload it sent actually resolves (is reflected or executed) on the customer's asset. Signature-based testing, by contrast, infers vulnerabilities from signatures such as version banners, which may be outdated; it usually produces unnecessary findings that clog up remediation pipelines.

Detectify also runs extensive crawling and fuzzing of assets where that makes sense, such as on a critical web app. Detectify is the only EASM vendor focused on the AppSec team, and payload-based testing helps that team resolve threats faster.
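To make the distinction concrete, here is an added example (not Detectify's code) that runs a banner-based signature check and a unique-payload check against a constructed stand-in for a web app. The app, its Server banner, the "vulnerable" banner list and the patched/unpatched switch are all invented for illustration; the point is that a banner match alone cannot tell a patched deployment from an exploitable one, while a per-test unique marker can.

```python
"""Payload-based vs signature-based checks on a constructed target.

Added example, not Detectify code. `constructed_target` stands in for a web
app: it returns a fake Server banner and echoes the `q` parameter into HTML.
"""
from __future__ import annotations

import html
import secrets
from dataclasses import dataclass


@dataclass
class Response:
    headers: dict
    body: str


def constructed_target(path: str, params: dict, escapes_output: bool) -> Response:
    """Stand-in web app. `escapes_output` models whether the app has been patched."""
    q = params.get("q", "")
    rendered = html.escape(q) if escapes_output else q
    return Response(
        headers={"Server": "ExampleApp/1.2.3"},  # constructed banner, fictional product/version
        body=f"<html><body>Results for: {rendered}</body></html>",
    )


# A "signature": banners that supposedly belong to an affected version (constructed, not a real CVE).
VULNERABLE_BANNERS = {"ExampleApp/1.2.3"}


def signature_check(resp: Response) -> bool:
    """Flags purely on the banner; cannot tell whether the app is actually exploitable."""
    return resp.headers.get("Server", "") in VULNERABLE_BANNERS


def payload_check(send, path: str = "/search") -> tuple[bool, str]:
    """Flags only if a per-test unique payload comes back unencoded in the response.

    The random token means a reflection in the response can only have come from
    this request, which is what makes the finding self-validating.
    """
    token = secrets.token_hex(8)
    payload = f"<x{token}>"          # unique marker; we look for it verbatim
    resp = send(path, {"q": payload})
    return payload in resp.body, token


def compare(escapes_output: bool) -> dict:
    """Run both checks against the constructed app and report what each would flag."""
    def send(path, params):
        return constructed_target(path, params, escapes_output)

    return {
        "signature_flags": signature_check(send("/", {})),
        "payload_flags": payload_check(send)[0],
    }


if __name__ == "__main__":
    print("patched app:  ", compare(escapes_output=True))    # banner still matches, payload does not fire
    print("unpatched app:", compare(escapes_output=False))   # both fire
```

Against the patched variant the signature check still raises a finding (the banner has not changed) while the payload check stays quiet; only the unpatched variant reflects the marker unencoded and produces a finding from both. That gap is exactly the noise the paragraph above says signature-based scanners push into remediation queues.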


Attack Surface Custom Policies

An exposure is any finding across the attack surface that could be exploited, such as a misconfigured web server or an open port on a sensitive database. Attackers watch for many kinds of exposures because they can become an opportunity to take advantage of an organization, for example by stealing user data. Detectify continuously looks for changes in the attack surface, such as a new hosting provider in a geography you would not normally use. Being alerted when such exposures appear lets central security teams be more proactive in mitigating threats.


Expand and improve your attack surface coverage through expansive discovery engines

Developers ship new features, bug fixes, and products to production several times a day. Manually updating an asset inventory is one approach, but the inventory rarely reflects the current state of the attack surface. Detectify alerts users when a new asset, such as a web application, is discovered and makes it possible to start testing that asset for vulnerabilities or exposures right away.

Integrating third-party data sources

Detectify can ingest data from third-party sources in several ways. The most common is DNS data, from AWS Route 53 or from zone files. A company that wants to complement its existing discovery data can also do so through an API connection or an SDK.
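Zone files are the lowest-common-denominator input for this kind of connector, so as an added example (not Detectify's connector code) here is a small Python parser that turns a constructed zone file into an asset inventory: the hostnames worth putting under continuous testing, and the CNAMEs that point outside the zone and therefore depend on a third party. The zone contents, names and IPs are invented; the parser handles the common zone-file syntax ($ORIGIN, $TTL, `@`, relative and inherited owner names, parenthesised multi-line SOA records, and `;` comments outside quoted strings).

```python
"""Turn a DNS zone file into an asset inventory.

Added example, not Detectify's own connector code. ZONE_FILE is constructed
for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterator

ZONE_FILE = """\
$ORIGIN example.com.
$TTL 3600
@        IN  SOA   ns1.example.com. hostmaster.example.com. (
                   2024010101 ; serial
                   7200 3600 1209600 3600 )
         IN  NS    ns1.example.com.
         IN  NS    ns2.example.com.
@        IN  A     203.0.113.10
www      IN  A     203.0.113.10
api      IN  AAAA  2001:db8::1
shop     IN  CNAME shops.example-saas.net.          ; third-party storefront
old-blog IN  CNAME old-blog-bucket.s3-website-eu-west-1.amazonaws.com.
_dmarc   IN  TXT   "v=DMARC1; p=reject"
mail     IN  MX    10 mx1.example.com.
"""

CLASSES = {"IN", "CH", "HS"}


@dataclass(frozen=True)
class Record:
    owner: str   # fully qualified, with trailing dot
    rtype: str
    rdata: str


def strip_comment(line: str) -> str:
    """Drop a ';' comment, but keep a ';' inside a quoted string (e.g. a DMARC TXT)."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            break
        out.append(ch)
    return "".join(out)


def logical_lines(text: str) -> Iterator[str]:
    """Join parenthesised multi-line records (typically SOA) into one logical line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0


def qualify(name: str, origin: str) -> str:
    """Make an owner name fully qualified relative to the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str | None = None) -> list[Record]:
    records, owner = [], None
    for line in logical_lines(text):
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0].startswith("$"):                 # $TTL, $INCLUDE, ...: not records
            continue
        if origin is None:
            raise ValueError("zone has no $ORIGIN and none was supplied")
        i = 0
        if not line[0].isspace():                      # owner present, else inherit the previous one
            owner, i = tokens[0], 1
        if i < len(tokens) and tokens[i].isdigit():    # optional TTL
            i += 1
        if i < len(tokens) and tokens[i].upper() in CLASSES:   # optional class
            i += 1
        if owner is None or i >= len(tokens):
            continue
        records.append(Record(qualify(owner, origin), tokens[i].upper(), " ".join(tokens[i + 1:])))
    return records


def web_hostnames(records: list[Record]) -> list[str]:
    """Owners with A/AAAA/CNAME records: the names to put under continuous testing."""
    return sorted({r.owner for r in records if r.rtype in {"A", "AAAA", "CNAME"}})


def external_cname_targets(records: list[Record], origin: str) -> dict[str, str]:
    """CNAMEs pointing outside the zone: third-party dependencies to watch for dangling targets."""
    return {r.owner: r.rdata for r in records
            if r.rtype == "CNAME" and not (r.rdata == origin or r.rdata.endswith("." + origin))}


if __name__ == "__main__":
    recs = parse_zone(ZONE_FILE)
    print("hostnames to test:", web_hostnames(recs))
    print("external CNAMEs:  ", external_cname_targets(recs, "example.com."))
```

The external-CNAME list is worth feeding straight into monitoring: a CNAME whose target a third party can release and re-register is the usual precondition for the subdomain takeovers mentioned earlier on this page. Real zone exports from a managed DNS provider (Route 53 included) use the same syntax, so the same parser applies; only the constructed sample is specific to this example.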

Detectify continuously monitors the attack surface, covering both the assets users send us and the ones we discover. Every 24 hours we scan for domain names, open ports, DNS record types, fingerprinted web assets, IP addresses (geolocation and hosting provider), SSL/TLS protocols, and certificates. Users can review what has been discovered in the dashboard, or create custom policies that alert them when a security policy is broken.
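The custom policies described under "Attack Surface Custom Policies" and the daily snapshot listed here amount to a diff-and-evaluate loop. As an added example (not Detectify's policy engine), the following Python evaluates a handful of such policies over two constructed daily snapshots and reports only what changed since the previous day, so a certificate that has been expiring for a week does not page the team again while a new host on an unapproved provider in an unexpected country does. The snapshot data, allowlists, port list and reference date are all invented for illustration.

```python
"""Custom attack-surface policies over daily snapshots.

Added example, not Detectify's code. Each snapshot is constructed and maps a
hostname to what a daily scan observed: IP, geo country, hosting provider,
open ports, offered TLS versions and certificate expiry.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Asset:
    ip: str
    country: str
    provider: str
    ports: frozenset
    tls: frozenset
    cert_not_after: Optional[date]


@dataclass(frozen=True)   # hashable, so findings from two days can be set-differenced
class Finding:
    policy: str
    host: str
    detail: str


@dataclass
class Policy:
    allowed_providers: frozenset
    allowed_countries: frozenset
    sensitive_ports: frozenset
    legacy_tls: frozenset
    cert_warn_days: int


def evaluate(snapshot: dict, policy: Policy, today: date) -> list[Finding]:
    """Every policy violation present in one snapshot, regardless of whether it is new."""
    findings = []
    for host, a in snapshot.items():
        if a.provider not in policy.allowed_providers:
            findings.append(Finding("provider-not-allowed", host, a.provider))
        if a.country not in policy.allowed_countries:
            findings.append(Finding("country-not-allowed", host, a.country))
        for port in sorted(a.ports & policy.sensitive_ports):
            findings.append(Finding("sensitive-port", host, str(port)))
        for proto in sorted(a.tls & policy.legacy_tls):
            findings.append(Finding("legacy-tls", host, proto))
        if a.cert_not_after is not None and (a.cert_not_after - today).days <= policy.cert_warn_days:
            findings.append(Finding("cert-expiry", host, a.cert_not_after.isoformat()))
    return findings


def new_findings(previous: dict, current: dict, policy: Policy, today: date) -> list[Finding]:
    """Alert only on change: hosts that appeared, plus violations absent from the last snapshot."""
    seen = set(evaluate(previous, policy, today))
    out = [Finding("new-asset", h, current[h].ip) for h in sorted(set(current) - set(previous))]
    out += [f for f in evaluate(current, policy, today) if f not in seen]
    return out


# Constructed policy and data (all values invented for the example).
TODAY = date(2025, 6, 1)
POLICY = Policy(
    allowed_providers=frozenset({"aws", "cloudflare"}),
    allowed_countries=frozenset({"SE", "IE"}),
    sensitive_ports=frozenset({3306, 5432, 6379, 27017}),
    legacy_tls=frozenset({"SSLv3", "TLSv1", "TLSv1.1"}),
    cert_warn_days=30,
)
WWW = Asset("203.0.113.10", "SE", "aws", frozenset({443}), frozenset({"TLSv1.2", "TLSv1.3"}), date(2025, 6, 20))
YESTERDAY_SNAPSHOT = {
    "www.example.com": WWW,
    "api.example.com": Asset("203.0.113.11", "IE", "aws", frozenset({443}),
                             frozenset({"TLSv1.2", "TLSv1.3"}), date(2026, 1, 15)),
}
TODAY_SNAPSHOT = {
    "www.example.com": WWW,                      # unchanged: cert still expiring within 30 days
    "api.example.com": Asset("203.0.113.11", "IE", "aws", frozenset({443}),
                             frozenset({"TLSv1", "TLSv1.2", "TLSv1.3"}), date(2026, 1, 15)),  # TLSv1 appeared
    "db-test.example.com": Asset("198.51.100.7", "BR", "unknown-vps", frozenset({22, 5432}),
                                 frozenset(), None),                                           # brand new host
}

if __name__ == "__main__":
    for f in new_findings(YESTERDAY_SNAPSHOT, TODAY_SNAPSHOT, POLICY, TODAY):
        print(f"{f.policy:22} {f.host:22} {f.detail}")
```

Run as a script this prints five alerts: the new host, its unapproved provider and country, its exposed PostgreSQL port, and the TLSv1 that appeared on the API host. The www certificate, already flagged yesterday, is not repeated. Keying the diff on the full `Finding` (policy, host, detail) is deliberate: if the same host later exposes a second sensitive port, that is a different finding and will alert.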

Helping you get the jobs that you need doing, done 

This Jobs-to-be-Done article has examined how AppSec and ProdSec teams can understand what is being continuously tested and monitored across their attack surfaces, and how Detectify as an EASM solution can help users achieve this job successfully. 

Why not try Detectify with a free 2-week trial, watch a short product demo, or talk to us about how we can help secure your expanding attack surface.
