For continuous coverage, we push out a major Detectify security release every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Public security releases from our security research team:
Some focus has been on stability and minimizing false positives, which should yield in a overall better experience of the service. We have also improved findings based on research originating from Frans Rosén on ACME. After some deeper digging, Frans found further common misconfigurations that arise from user implementation of ACME, which have been added to our web vulnerabilities scanner. These are not flaws of ACME itself. You can check for this now.
Detectify is now scanning for Exposed Yii Debugger. It is a developer debugger that shows detailed information about requests to the server, and would include information such as username and passwords if someone where to login at the server. Due to a common misconfiguration, this debug page can be publicly accessible for anyone that knows the URL for it.
Additionally, we check for various dated versions of Apache Drill as well as accidentally exposed synchronization files for Adobe Dreamweaver.
Questions or comments? Let us know in the section below!