Detectify

Stockholm, Sweden
2012
Mar 4, 2021   |  By Detectify
Typical DAST scanners tend to find the known security vulnerabilities that are easiest to locate. If you need to find vulnerabilities that are more difficult to detect, you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set out to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.
Feb 22, 2021   |  By Detectify
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed, within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
Feb 16, 2021   |  By Detectify
Every week, our global community of hand-picked Detectify Crowdsource ethical hackers submit new vulnerabilities that we make available to our users as automated security tests. In the new series Vuln of the Month, we deep-dive into an especially interesting vulnerability that was added to our scanner in the past month. First up: CVE-2020-10148, SolarWinds Orion Authentication Bypass. In January, Detectify added a security test for CVE-2020-10148, SolarWinds Orion Authentication Bypass.
Feb 10, 2021   |  By Jocelyn Chan
This edition of Detectify Security Defenders Insights focuses on best practices on how not to lose security visibility in 2021: For many small to mid-sized tech organizations, security visibility is an increasing challenge. 2020 was the true catalyst to their tech transformation from all in-house to suddenly working from home. This meant a pressured effort to make sure security was top-of-mind especially now that everyone was literally out-of-sight.
Feb 8, 2021   |  By Detectify
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed, within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
Jan 27, 2021   |  By Jocelyn Chan
In this new series, Security Defender Insights, Detectify is recognizing Security Defenders in our network to bring you actionable insights and inspiration for your security strategies in 2021. We want to encourage open discussions about web security and show appreciation for hard-working security practitioners. So let’s get started with this interview with Roberto Arias Alegria, Information Security Architect at Quandoo.
Jan 26, 2021   |  By Jocelyn Chan
A SaaS start-up can only go so far before it’s time to consider certifications and compliance standards for advancement. But let’s make it clear that at Detectify, we don’t see compliance as security. If you’re stuck in between the two right now, here’s our use case for getting ISO 27001 certification and how we made it work for Detectify, a SaaS-based web application security scale-up that has its fair share of passionate security defenders aboard!
Jan 25, 2021   |  By Detectify
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed, within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
Jan 19, 2021   |  By Jocelyn Chan
TL;DR: On January 7, the Detectify security research team found that the .cd top-level domain (TLD) was about to be released for anyone to purchase and claimed it to keep it secure before any bad actors snatched it up. A technical report with full details is available on Detectify Labs. This blog post will discuss the basics of domain takeover.
Jan 15, 2021   |  By Detectify
NEW RESEARCH – On December 30, Fredrik Nordberg Almroth, security researcher and co-founder of Detectify – the Sweden-born cybersecurity company that offers a web vulnerability service powered by leading ethical hackers – found a vulnerability that left the country code top-level domain of the Democratic Republic of Congo, .cd, open to severe potential abuse.
Jul 3, 2020   |  By Detectify
There are many paths you can take to become a security professional. In this episode, host Laura Kankaala talks with Tom Hudson (aka @TomNomNom) about his learning journey with computers and hacking, which began with him taking it all apart. Tom’s tinkering obsession introduced him to the world of hacking and bug bounty competitions. Besides chasing bugs, Tom is also passionate about passing on knowledge through his particular teaching style, and he discusses some of the common struggles of people who are just getting started with security, as well as what kinds of questions are good to ask along the way.
Mar 19, 2020   |  By Detectify
One could argue that bug bounties are a buzzword in security today, but what are they and what are they good for? In this episode, Laura is joined by the talented security researcher and Detectify co-founder Fredrik N. Almroth (@almroot on Twitter). If you can name it, Fredrik has probably hacked it, including companies like Facebook, Tesla, Dropbox and Uber. Tune in for a deep dive into Fredrik's past as a bug bounty hunter and a discussion of how both companies and bug bounty hunters can get started in the field of Crowdsourced Security, as well as where the bug bounty industry is headed.
Feb 5, 2020   |  By Detectify
Do you remember when you first connected to the Internet? Security nerds Laura and Johan go back to the Internet in the 90's, the evolution of hacking and the transformation of IT security into an industry where hackers are now allies to companies.
Nov 11, 2019   |  By Detectify
Stay on top of cybersecurity threats by leveraging automated ethical hacker knowledge with Detectify. We check your web applications for 1500+ known vulnerabilities that go beyond the standard CVE libraries.
May 28, 2019   |  By Detectify
This Meet the Hacker episode features Detectify Crowdsource hacker, Linus Särud aka @_zulln. He is a security researcher at Detectify and he specializes in finding web application vulnerabilities. Linus started hacking when he was in his early teens and found a bug in Google Translate.
Apr 11, 2019   |  By Detectify
Detectify is a scalable web app security scanner that automates 1000+ security tests to help you release secure applications. With Detectify, you can test your code with real exploits to identify and fix vulnerabilities in both staging and production environments. The service is continually updated with new security tests thanks to Detectify Crowdsource, a global network of handpicked security researchers.
Mar 21, 2019   |  By Detectify
Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of OGNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.
Mar 5, 2019   |  By Detectify
Detectify is an automated vulnerability scanner that checks your web application for security issues and gives you the tools you need to improve your web security.
Jan 2, 2019   |  By Detectify
Great to see you’re interested in using Detectify to check your web application security! Here is a video demo to walk you through the Detectify tool to get started, add a scan profile, integration options, profile settings and show you how each of our features work. This will also show you how to use the API.
Dec 13, 2018   |  By Detectify
This video is a proof of concept of CVE-2018-9206, the unauthenticated arbitrary file upload vulnerability and RCE in jQuery-File-Upload.

Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments. Detectify’s simple to use interface, integrations with popular developer tools, team functionality, and informative reports simplify security and allow you to integrate it into your workflow.

We work with some of the best white hat hackers in the world through our Detectify Crowdsource platform and our internal security research team to continually build more security tests into our tool. We now scan for 1000+ known vulnerabilities.

What makes us unique:

  • White hat hackers: Detectify was built by renowned white hat hackers, who have legally hacked companies like Google, Facebook and PayPal. In 2016, we launched Detectify Crowdsource, a global network of 150+ handpicked ethical hackers that continuously report their latest findings to us. In the last year, we received 450+ submissions that generated nearly 40 000 findings amongst our users.
  • Usability: The Detectify experience is designed to be easy, fun and accessible. The goal to simplify security has shaped Detectify’s UI, making it both intuitive and easily adjusted to your needs. This is why Detectify seamlessly integrates into the development process and offers integrations with all popular developer tools.
  • Educational: Detectify offers team functionality so that users can easily share reports within their team and/or with clients. Most findings have links to resources where you can read up on the vulnerability and learn how to fix it. You will have access to more than 100 guides, attack demo videos, quizzes, etc., which will quickly increase the security awareness in your organisation.

Go Hack Yourself or someone else will.