- Security Update: Publicly Exposed Ingress NGINX Admissionby Detectify on March 26, 2025 at 3:33 pm
A series of vulnerabilities, known as IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974), have been identified in ingress-nginx, a widely used Kubernetes ingress controller. When exploited together, … The post Security Update: Publicly Exposed Ingress NGINX Admission appeared first on Blog Detectify.
- DNS is the center of the modern attack surface – are you protecting all levels?by Detectify on March 18, 2025 at 3:17 pm
If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very … The post DNS is the center of the modern attack surface – are you protecting all levels? appeared first on Blog Detectify.
- Introducing Alfred for fully autonomous AI-built vulnerability assessmentsby Detectify on March 10, 2025 at 12:00 pm
We are excited to announce Detectify Alfred, a revolutionary system that uses AI to completely autonomously collect and prioritize threat intelligence and generate high-fidelity security … The post Introducing Alfred for fully autonomous AI-built vulnerability assessments appeared first on Blog Detectify.
- Making security a business value enabler, not a gatekeeper by Detectify on February 25, 2025 at 2:26 pm
The traditional perception of security within an organization is as a barrier rather than a facilitator, imposing approval processes and regulations that inevitably slow down … The post Making security a business value enabler, not a gatekeeper appeared first on Blog Detectify.
- How Detectify embraces the best of both DAST and ASMby Detectify on February 10, 2025 at 11:00 am
There’s often a lack of understanding when it comes to Dynamic Application Security Testing (DAST) as a methodology versus DAST as a tool. How do … The post How Detectify embraces the best of both DAST and ASM appeared first on Blog Detectify.
- Sending billions of daily requests without breaking things with our rate limiterby Detectify on January 23, 2025 at 10:19 am
At Detectify, we help customers secure their attack surface. To effectively and comprehensively test their assets, we must send a very high volume of requests … The post Sending billions of daily requests without breaking things with our rate limiter appeared first on Blog Detectify.
- How to Prevent a Subdomain Takeover in Your Organizationby Detectify on January 22, 2025 at 1:35 pm
When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while … The post How to Prevent a Subdomain Takeover in Your Organization appeared first on Blog Detectify.
- Security Update: Ivanti Connect Secure (CVE-2025-0282)by Detectify on January 13, 2025 at 4:35 pm
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This vulnerability could allow unauthenticated remote attackers to achieve … The post Security Update: Ivanti Connect Secure (CVE-2025-0282) appeared first on Blog Detectify.
- Inside the tech that continuously monitors our customers’ attack surfaceby Detectify on January 9, 2025 at 8:58 am
As part of our Detectify under the hood blog series, we recently introduced our new engine framework and how it helped us address a critical … The post Inside the tech that continuously monitors our customers’ attack surface appeared first on Blog Detectify.
- Detectify year in review 2024by Detectify on December 18, 2024 at 9:42 am
In 2024, we shipped numerous features to help security teams manage their growing attack surface. Some examples are Domain Connectors for continuous discovery, a new … The post Detectify year in review 2024 appeared first on Blog Detectify.
Web Security Insights for CISOs
We are an ethical website cyber security team and we perform security assessments to protect our clients.