December is here again and the year is coming to a close even though it feels like it was January 2017 only yesterday. It’s been a busy year at Detectify, full of exciting changes!
30 events
We attended 30 events in 2017, both in Sweden and abroad. Members of the Detectify team talked at conferences, organised workshops, and shared their security knowledge. Here are some highlights!
Frans Rosén, Detectify’s security advisor, gave a talk about web security, ethical hacking, and bug bounty hunting at Webbdagarna.
Our frontend developer Martina Janevska talked about secure development at Swetugg and Testing Forum, showing the audience how to improve their security mindset and write safer code.
We also attended Ecommerce Stockholm, where our security researcher Linus Särud talked about his background as an ethical hacker and shared some tips on how to secure e-commerce stores.
New Detectify office
In spring, we moved to our shiny new office at Långholmsgatan 34. To celebrate, we organised a housewarming party for our business partners, investors, hackers, and friends.
A new office means more room for parties! We have had some fantastic hacker nights (with plenty of pizza, of course), where our security researcher and co-founder Fredrik Nordberg Almroth showed us cool hacks.
Themed afterworks were another highlight of the year, including a 1920s party and a Halloween pumpkin carving evening.
We also continued the tradition of having a company breakfast every other Friday. One member of the team, our office dog Jago, is particularly fond of our breakfasts!
More transparency in the tool
Throughout the year, our key focus was increasing transparency in the tool and making Detectify even more intuitive. To give you a better idea of what’s going on under the hood, we have added more information to the finding details view and developed an advanced graph that allows you to track your findings over time.
We have also released auto discovery, a new feature that shows you all the subdomains we identified on the verified domain and makes it easier to set up scan profiles. To top it all off, we added some new security features like 2-factor authentication and SSO support. What a year!
A growing team
The Detectify team continued to grow in 2017 – in fact, this was one of the reasons we moved to a new office! Awesome new colleagues joined us in tech, sales, and marketing. We now have 10 nationalities in the team and speak 15 languages in total. Pretty impressive! We also extended our data team with two summer interns and were sad to see them go back to school.
Interested in joining us? Take a look at our career page!
New clients on board
In 2017, we were joined by many fantastic new clients who share our passion for security. Read their user stories to find out more about how companies like Episerver and Office IT Partner work with security and use Detectify in the development process.
Detectify Crowdsource turned 1
In November, our ethical hacking platform Detectify Crowdsource turned 1! We have over 100 handpicked security researchers in the Crowdsource community and so far, security tests submitted to Crowdsource have identified 10 037 vulnerabilities on our customers’ websites.
If you’d like to find out more about Detectify Crowdsource, head over to our Crowdsource category.
Over the past year, we have been working hard on the platform to improve the Crowdsource experience. One of our favourite new features is the new public leaderboard where you can see the top 10 Crowdsource hackers.
Detectify Crowdsource public leaderboard
Are you a security researcher who would like to join Crowdsource? Check out the Crowdsource website to find out more.
Magento security
In October, our security team worked hard to add new Magento security tests to the service and help our e-commerce clients secure their stores before Black Friday. We also published a series of articles about Magento security, including research about the most common Magento security mistakes, a Magento security 101 guide, and an interview with Magento agencies Vaimo and Divante.
Tinder, Slack, DOOM, and a whole lotta S3 buckets
Our researchers were busy in 2017, writing about their latest security discoveries. We highlighted Tinder privacy issues, found a vulnerability in Slack, invented the Tesla DOOM DOM XSS, and delved into S3 bucket misconfigurations.
Since we published our S3 research, AWS bucket misconfigurations have become a hot topic and Amazon recently introduced additional security features to help users keep their buckets safe.
OWASP Top 10 2017
We were excited to see the release of the new OWASP Top 10 list and commented on the changes OWASP Top 10 2017 has brought. We also posted a range of OWASP Top 10 attack demos and are now working on adding new ones, covering the updated Top 10 list.
By the way, Injection is still the #1 OWASP vulnerability. Watch the video below to find out how it works:
Detectify on WIRED’s list of hottest startups
In September, we were thrilled to find out that we had been featured on WIRED’s list of Europe’s hottest startups for the second year in a row. How cool is that?! The list is packed with amazing startups from across Europe and we’re really proud to be part of it.
But wait, we were nominated for more…
We were also one of the 33 companies that were selected as Sweden’s hottest tech startups of 2017 by Swedish tech publication Ny Teknik.
Our Marketing & Content Coordinator Robyn was nominated for the Rookie of the Year award by Dagens Media.
Our Go Hack Yourself stickers are still taking over the world…
Keep the photos coming, we love seeing our stickers travel the world and spread the word about web security!
It’s been a great year and we’re looking forward to making the internet safer in 2018. Happy holidays!