Detectify

Jan 21, 2019
2012
Stockholm, Sweden
Apr 18, 2019   |  By Detectify
The Payment Card Industry Data Security Standard (PCI DSS) program provides an information security compliance benchmark for companies that are handling, processing and storing cardholder data online. Software development and vulnerability management are covered in the PCI DSS compliance requirements as this concerns products and applications created to handle cardholder data.
Apr 18, 2019   |  By Detectify
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Apr 4, 2019   |  By Detectify
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Apr 3, 2019   |  By Detectify
Some believe that “whatever can be automated, should be automated” and in general benefits include faster production, consistency in product and quality, rolling back from failures and all allowing employees to focus on more creative and analytical tasks. The same can be said for the automation of quality assurance and security of developer coding and programming.
Mar 21, 2019   |  By Detectify
Apache Struts is a well-known development framework for Java-based web applications that is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks. In this article we will go through the security history of Apache Struts, common Apache Struts security issues and the impact of these vulnerabilities.
Apr 11, 2019   |  By Detectify
Detectify is a scalable web app security scanner that automates 1000+ security tests to help you release secure applications. With Detectify, you can test your code with real exploits to identify and fix vulnerabilities in both staging and production environments. The service is continually updated with new security tests thanks to Detectify Crowdsource, a global network of handpicked security researchers.
Mar 21, 2019   |  By Detectify
Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.
Mar 5, 2019   |  By Detectify
Detectify is an automated vulnerability scanner that checks your web application for security issues and gives you the tools you need to improve your web security.
Jan 2, 2019   |  By Detectify
Great to see you’re interested in using Detectify to check your web application security! Here is a video demo to walk you through the Detectify tool to get started, add a scan profile, integration options, profile settings and show you how each of our features work. This will also show you how to use the API.
Dec 13, 2018   |  By Detectify
This video is proof of concept of CVE-2018-9206 Unauthenticated arbitrary file upload vulnerability and jQuery-File-upload RCE.