This review, written by Paul Asadoorian, focuses on Detectify’s Surface Monitoring product. This crowdsource-backed attack surface monitoring component discovers internet-facing assets such as subdomains, exposed files, vulnerabilities and misconfigurations.

Company background

Detectify is the only External Attack Surface Management solution powered by a world-leading ethical hacker community. By leveraging hacker insights, security teams using Detectify can map out their entire attack surface to find anomalies and detect the latest business critical vulnerabilities in time – especially in third-party software.

The only way to secure your attack surface is to hack it, but it doesn’t have to be complicated. With Detectify, continuous security starts with a few clicks. Go hack yourself.

Product overview

The Surface Monitoring product was designed to complement Detectify’s Application Scanning (AS) product. While the AS product focuses on issues in the code of web applications, Surface Monitoring zooms out a bit, discovering potential issues at the web server, web framework and subdomain level.

For app scanning to find vulnerabilities, it first needs to be configured to scan things. To be configured to scan things, employees need to know they exist.

This is where Surface Monitoring comes in. Perhaps new apps, APIs, or app components are deployed to production and the app scanner isn’t updated to scan them. You can even launch new app scans from within Surface Monitoring (assuming you are licensed to use both products). 

Another reason to use Surface Monitoring is that there are entire classes of vulnerabilities that are often missed by app scanners and network vulnerability scanners. 

Read the full report here.