Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Gehaxelt - How Wordpress Plugins Leak Sensitive Information Without You Noticing

Sebastian Neef (@gehaxelt) is a IT security freelancer and a top contributor from the Detectify Crowdsource community. In this guest blog, he looks at ways WordPress plugins leak sensitive data in the wild: The OWASP Top 10 puts Sensitive Data Exposure on the 3rd place of the most common web security issues. In this blog post we will have a look at sensitive data exposure that you might not be aware of.

M. Loewinger, Smartbear: "Each product has a DevOps lead who manages Detectify and all its findings"

Detectify user story: Smartbear offers automated software testing solutions that help development and testing teams ensure quality throughout the software development lifecycle. Martin Loewinger, Director of SaaS Operators at Smartbear, and his team use Detectify to ensure security is a part of each product CI/CD pipeline, so that they can help their end users with test automation and monitoring.

Guest blog: streaak - my recon techniques from 2019

Detectify Crowdsource hacker Akhil George, aka streaak, is a full-time student who chases bug bounties during his free time. His hacking interests started with CTF competitions and eventually shifted to bug bounties, gaining him recognition abroad including this report from NBC. Our Crowdsource guest blogs give readers an inside look into the mind of an ethical hacker, this month’s contribution goes on to discuss the recon techniques streaak used in 2019.

Detectify secures 21,5 million in Series B round to bring world-class cyber security to everyone

Stockholm, Sweden. November 26, 2019 – Detectify, today announces a successful Series B round of €21,5 million led by venture capital firm Balderton Capital, and supported by existing investors Paua Ventures, Inventure and Insight Partners. The new funding will be used to continue to hire world-class talent to further accelerate the company’s growth and deliver on Detectify’s promise of a safer internet for all.

New security test: CVE-2019-11043 PHP-FPM & NGINX RCE

tl;dr – CVE-2019-11043 PHP-FPM & NGINX RCE was publicly disclosed and a Proof-of-Concept exploit code was made available on GitHub. We received the report from our Crowdsource community, and now the CVE-2019-11043 Nginx/PHP-FPM RCE vulnerability is detected by Detectify. Nginx is a common web server used to run web applications. PHP-FPM (FastCGI Process Manager) is a processor for PHP scripts that is efficient at handling heavy website traffic and is commonly used by websites that have e.g.

Cybersecurity Awareness Month - 5 tips for safe browsing

October is Cyber Security Awareness month, and a good time for organizations and anyone who uses the Internet (yes that means everyone) to review security best practices, for a safer user experience. Based on the current state of the Internet, here are our best tips for a better online browsing experience, for website guardians and end users.