December is here again and the year is coming to a close even though it feels like it was January only yesterday. It’s been a busy year at Detectify, full of exciting changes!

30 events

We attended 30 events in 2017, both in Sweden and abroad. Members of the Detectify team talked at conferences, organised workshops, and shared their security knowledge. Here are some highlights!

Frans Rosén, Detectify’s security advisor, gave a talk about web security, ethical hacking, and bug bounty hunting at Webbdagarna.

Frans Rosén at Webbdagarna, Photo: Webbdagarna

Our frontend developer Martina Janevska talked about secure development at Swetugg and Testing Forum, showing the audience how to improve their security mindset and write safer code.

Martina Janevska at Swetugg, Photo: Swetugg

We also attended Ecommerce Stockholm, where our security researcher Linus Särud talked about his background as an ethical hacker and shared some tips on how to secure e-commerce stores.

Linus Särud at Ecommerce Stockholm, Photo: Ecommerce Stockholm

New Detectify office

In spring, we moved to our shiny new office at Långholmsgatan 34. To celebrate, we organised a housewarming party for our business partners, investors, and friends.

Detectify housewarming party

A new office means more room for parties! We have had some fantastic hacker nights (with plenty of pizza, of course), where our security researcher and co-founder Fredrik Nordberg Almroth showed us cool hacks.

Fredrik Nordberg Almroth at one of our hacker nights

Themed afterworks were another highlight of the year, including a 1920s party and a Halloween pumpkin carving evening.

We also continued the tradition of having a company breakfast every other Friday. One member of the team, our office dog Jago, is particularly fond of our breakfasts!

More transparency in the tool

Throughout the year, increasing transparency in the tool and making Detectify even more intuitive was our key focus. To give you a better idea of what’s going on under the hood, we have added more information to the finding details view and developed an advanced graph that allows you to track your findings over time.

The advanced graph

We have also released auto discovery, a new feature that shows you all the subdomains we identified on the verified domain and makes it easier to set up scan profiles. To top it all off, we added some new security features like 2-factor authentication and SSO support. What a year!

A growing team

The Detectify team continued to grow in 2017 – in fact, this was one of the reasons we moved to a new office! Awesome new colleagues joined us in tech, sales, and marketing. We now have 10 nationalities in the team and speak 15 languages in total. Pretty impressive! We also extended our data team with two summer interns and were sad to see them go back to school.

Interested in joining us? Take a look at our career page!

New clients on board

In 2017, we were joined by many fantastic new clients who share our passion for security. Read their user stories to find out more about how companies like Episerver and Office IT Partner work with security and use Detectify in the development process.

Detectify Crowdsource turned 1

In November, our ethical hacking platform Detectify Crowdsource turned 1! We have over 100 handpicked security researchers in the Crowdsource community and so far, security tests submitted to Crowdsource have identified 10 037 vulnerabilities on our customers’ websites.

If you’d like to find out more about Detectify Crowdsource, head over to our Crowdsource category.

Over the past year, we have been working hard on the platform to improve the Crowdsource experience. One of our favourite new features is the new public leaderboard where you can see the top 10 Crowdsource hackers.

Detectify Crowdsource public leaderboard

Are you a security researcher and would like to join Crowdsource? Check out the Crowdsource website to find out more.

Magento security

In October, our security team worked hard to add new Magento security tests to the service and help our e-commerce clients secure their stores before Black Friday. We also published a series of articles about Magento security, including research about the most common Magento security mistakes, a Magento security 101 guide, and an interview with Magento agencies Vaimo and Divante.

Tinder, Slack, DOOM, and a whole lotta S3 buckets

Our researchers were busy in 2017, writing about their latest security discoveries. We highlighted Tinder privacy issues, found a vulnerability in Slack, invented the Tesla DOOM DOM XSS, and delved into S3 bucket misconfigurations.

Since we published our S3 research, AWS bucket misconfigurations have become a hot topic and Amazon recently introduced additional security features to help users keep their buckets safe.

Like DOOM? Then you should check out our DOOM DOM XSS write-up

OWASP Top 10 2017

We were excited to see the release of the new OWASP Top 10 list and commented on the changes OWASP Top 10 2017 has brought. We also posted a range of OWASP Top 10 attack demos and are now working on adding new ones, covering the updated Top 10 list.

By the way, Injection is still the #1 OWASP vulnerability. Watch the video below to find out how it works:

Detectify on WIRED’s list of hottest startups

In September, we were thrilled to find out that we had been featured on WIRED’s list of Europe’s hottest startups for the second year in a row. How cool is that?! The list is packed with amazing startups from across Europe and we’re really proud to be part of it.

But wait, we were nominated for more…

We were also one of the 33 companies that were selected as Sweden’s hottest tech startups of 2017 by Swedish tech publication Ny Teknik.

Our Marketing & Content Coordinator Robyn was nominated for the Rookie of the Year award by Dagens Media.

Our Go Hack Yourself stickers are still taking over the world…

Keep the photos coming, we love seeing our stickers travel the world and spread the word about web security!

It’s been a great year and we’re looking forward to making the internet safer in 2018. Happy holidays!


