Detectify Asset Classification and Scan Recommendations enhance vulnerability testing

Detectify, a leading cybersecurity company, recently introduced new capabilities to help security teams address a critical challenge in vulnerability testing. The new Asset Classification and Scan Recommendations features aim to assist organizations in identifying and testing all their web assets beyond their main applications, bridging the gap between broad and deep vulnerability testing.

Security teams often struggle with knowing which assets to prioritize for testing, leading to significant gaps in web application security. Detectify’s research has revealed that, on average, organizations miss testing 9 out of 10 of their complex web apps. This oversight is compounded by the fact that over half of organizations miss all their valuable apps when they begin scanning, indicating a lack of clarity on where to focus their testing efforts.

This challenge is pervasive across organizations of all sizes. Even those with fewer than 10 valuable web apps typically test only about 30% of them, with coverage decreasing as their attack surface expands. Detectify’s new capabilities aim to address this issue by providing intelligence and recommendations to help security teams prioritize their testing efforts effectively.

The Asset Classification feature analyzes and categorizes all web assets discovered by Detectify, focusing on specific attributes that indicate the purpose of each app. This classification is based on insights from continuous monitoring and mimics attacker reconnaissance techniques. As new web apps are added to an organization’s environment without its knowledge, this feature helps identify and categorize assets for further investigation and testing.

The Scan Recommendations feature provides intelligent suggestions for web apps to test based on their classification and attractiveness to attackers. It highlights which apps require thorough testing, particularly through deep crawling and fuzzing with DAST (Dynamic Application Security Testing). These recommendations are based on insights from the Detectify Crowdsource community of ethical hackers and AI-driven assessments from Detectify Alfred.

Rickard Carlson, CEO of Detectify, emphasized the importance of focusing resources on protecting the most vulnerable targets. He stated, “Attackers thrive on the discrepancy between what you believe you’re exposing and what you’re actually exposing. We are helping AppSec teams direct their resources toward protecting the targets that actually matter.”

These new capabilities empower security teams to allocate resources more confidently, shifting from manual guesswork to strategic prioritization of testing efforts. By focusing deep DAST scanning on high-risk assets while maintaining broad dynamic coverage over the entire attack surface, organizations can enhance their overall security posture.

The Scan Recommendations and Asset Classification features are set to be rolled out to Detectify customers in the coming weeks, providing them with valuable tools to enhance their vulnerability testing strategies. For more information on these capabilities, visit Detectify’s website.
