Attack surface mgmt

CyCognito Platform: Review | Security Weekly Labs

April 22, 2021
Product: CyCognito PlatformCategory: Attack Surface Management
Company: CyCognitoReview date: April 2021
Figure 1 - Excluding third party assets 
  1. The seed began with a parent company and a subsidiary was discovered by looking at acquisitions on Crunchbase. 
  1. From this new subsidiary company name, it looked for domains owned by the subsidiary.  
  1. It checked the Whois record for one of the domains owned by the subsidiary. In this Whois record, it found that the contact email address had a different domain. 
  1. From the email address’s domain, it found a website. 
  1. By crawling this website, it found a Wiki site under a subdomain. This subdomain is the asset we’re currently looking at. 
  • ServiceNow (ticketing) 
  • Jira (ticketing) 
  • SSO via Auth0 (authentication) 
  • Discovering SaaS vanity URLs (May 2021)
  • Automated vulnerability exploit validation (beta in Q2, GA in Q3)
Adrian Sanabria

Adrian joined SC Media’s parent company, CyberRisk Alliance in 2020. He will focus primarily on cybersecurity product reviews, but will also provide industry insight trends for both SC Media and Security Weekly (another CyberRisk Alliance company). He brings two decades of industry experience, working as a practitioner, penetration tester, and industry analyst. He spent the last few years as an entrepreneur, challenging norms in sales and marketing for a variety of vendors. Adrian loves to cook, eat, hike, play music and regale his teenagers with stories of what the early days of the Internet were like.

prestitial ad