Vulnerability Management

Detectify’s Surface Monitoring Review | Security Weekly Labs

This review, written by Paul Asadoorian, focuses on Detectify’s Surface Monitoring product. This crowdsource-backed attack surface monitoring component discovers internet-facing assets such as subdomains, exposed files, vulnerabilities and misconfigurations.

Company background

Detectify is the only External Attack Surface Management solution powered by a world-leading ethical hacker community. By leveraging hacker insights, security teams using Detectify can map out their entire attack surface to find anomalies and detect the latest business critical vulnerabilities in time – especially in third-party software.

The only way to secure your attack surface is to hack it, but it doesn’t have to be complicated. With Detectify, continuous security starts with a few clicks. Go hack yourself.

Product overview

The Surface Monitoring product was designed to complement Detectify’s Application Scanning (AS) product. While the AS product focuses on issues in the code of web applications, Surface Monitoring zooms out a bit, discovering potential issues at the web server, web framework and subdomain level.

For app scanning to find vulnerabilities, it first needs to be configured to scan things. To be configured to scan things, employees need to know they exist.

This is where Surface Monitoring comes in. Perhaps new apps, APIs, or app components are deployed to production and the app scanner isn’t updated to scan them. You can even launch new app scans from within Surface Monitoring (assuming you are licensed to use both products). 

Another reason to use Surface Monitoring is that there are entire classes of vulnerabilities that are often missed by app scanners and network vulnerability scanners. 

Read the full report here.

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.