Detectify: Reliable Payload-Based Testing

Rickard Carlsson


"Companies with web applications need to start integrating security into the development process to protect their customers, brand, and business."

Even though SaaS is a popular and widely adopted service platform, used by billions of organizations for its wide range of benefits, security remains a crucial challenge and obstacle. To fill this gap and provide state-of-the-art SaaS security, Detectify has developed several security solutions. Detectify offers cloud-based external attack surface management that streamlines asset discovery and vulnerability assessment for security and product development teams. They collaborate with ethical hackers to source the latest security research faster and deliver reliable payload-based testing to customers.

The Surface Monitoring solution strengthens the security of applications' Internet-facing subdomains and continuously detects exposed files, vulnerabilities, and misconfigurations. It immediately monitors the attack surface to spot misconfigurations and business-critical vulnerabilities to improve security. Application Scanning automatically scans custom-built apps, finds business-critical security vulnerabilities, and strengthens web app security. This product tests the apps continuously for the latest vulnerabilities with recurring weekly scans in development, staging, and production environments. During a scan, Application Scanning performs extended fingerprinting of the domains and the software they run, then customizes the subsequent vulnerability scanning phase and activates additional tests applicable to the specific technology identified.

Detectify offers a powerful EASM solution that helps organizations uncover what they don't know they are exposing to the Internet. This enables businesses to find unknown precious assets, protect against subdomain takeover, and become aware of other vulnerabilities and anomalies. As enterprise development teams are shipping code daily, the solution allows them to run at lightning speed while the security team stays in control of the growing attack surface.

Detectify offers advanced attack surface protection to its customers. It identifies and monitors changes in the rapidly growing tech stack and assets. Automatic and continuous scanning shows when and how the attack surface changes and what this means from a risk perspective. They offer an easy way to show the current state of an organization's security health and how it has changed over time. They also help organizations determine what actions to take to protect and get complete coverage of the growing attack surface. With a library of more than 350 attack vectors for subdomain takeover, Detectify continuously monitors an organization's growing attack surface. Whenever a new subdomain is discoverable on the Internet, the Detectify tool alerts its customers and adds it to their asset inventory for continuous monitoring and vulnerability scanning. Detectify scales with fast-moving teams to continuously secure public-facing applications and assess them for the latest vulnerabilities.

Detectify also has a group of ethical hackers from Crowdsource who can find vulnerabilities in widely used systems, such as a CMS, framework, or library. Crowdsource supports all Detectify customers, regardless of their size or turnover. Because Crowdsource ethical hackers find vulnerabilities across commonly used technologies, all Detectify customers benefit.

Detectify's External Attack Surface Management helps organizations uncover what is exposed on the Internet. External attack surface management of applications is the practice of constantly looking for vulnerabilities and anomalies in various systems and technologies, such as infrastructure, third-party services, and applications. Mapping out the attack surface helps organizations understand which internal and external system interfaces speak to each other. With easy access to the vulnerabilities present in the organization, Detectify guides them with understandable remediation tips, helping them make more informed security decisions.

Detectify was founded in 2013 in Stockholm. It has grown from an idea of a group of security-interested friends to a 140+ employee strong SaaS security company. They drive the future of internet security by automating and scaling crowdsourced vulnerability research. Detectify is available globally, except in US and EU/UN-sanctioned countries. With Detectify, one can deploy the scanning engines as long as they are hosted in the cloud. Detectify is trusted by more than 1900 companies worldwide, including Spotify, King, Trello, and Grammarly.

Rickard Carlsson is the CEO of Detectify. He holds an MSc in applied physics and electrical engineering and once hacked a thermostat. Rickard says, "Companies with web applications need to start integrating security into the development process to protect their customers, brand, and business." Detectify is backed by several leading security profiles and venture capital firms, such as Insight Partners, Inventure, Paua Ventures, and Balderton Capital.
