Auto-Discover DNS Records - GoDaddy Integration - July 28, 2022
Expand the scope of your Collection by auto-discovering Entities behind GoDaddy.
The new integration continuously ingests DNS records to improve attack surface visibility in situations where the GoDaddy account manages a substantial amount of DNS records.
You can find the new integration here.
Latest Checks - Atlassian Confluence, WSO2, and More - July 22, 2022
Checks are continuously added to the Library to keep our customers informed about the latest vulnerabilities, misconfiguration, and exposures that impact external assets.
Notable Check:
Atlassian Confluence - Questions from Confluence App Hardcoded Credentials (CVE-2022-26138)
See the latest:
- WSO2 - Remote Code Execution (CVE-2022-29464)
- Atlassian Jira - Server-Side Request Forgery (CVE-2022-26135)
- Exposed Microsoft Exchange Control Panel
- Bonita Web - Authentication Bypass (CVE-2022-25237)
Searching for Answers - 2FA Edition - July 15, 2022
Use the search function on the Entities page to answer questions about your external security posture.
- What application endpoints in my primary domain don't allow 2FA?
- Check out your application endpoints not protected by 2FA. Or,
- Copy & paste http_auth_2fa:false in the Entities search bar.
- What application endpoints in my primary domain allow 2FA?
- Check out your application endpoints protected by 2FA. Or,
- Copy & paste http_auth_2fa:true in the Entities search bar.
Reporting Insights Beta - July 7, 2022
Our initial round of Reporting Insights has been released for paid customers. Navigate over to the Insights tab to view them.
Reporting Insights Available:
- Top 10 Most Severe Issues
- Top 10 Critical or High Issue Types by Prevalence
- Entities with the Most Issues
You can generate a formatted PDF of this information as well.
New charts and reports will be released on an ongoing basis. We know this is a priority for our customers and will make it a priority for us. All feedback, suggestions, and comments are welcome!
Much more to come.
Take Control of Collections with Out of Scope - July 5, 2022
Take control of your entities when creating a Collection! You can now add out-of-scope Entities like domains, URLs, subdomains, IP addresses, and more to a Collection to ensure ASM does not scan them.
Navigate to your Collection Settings -> Inventory -> Out of Scope. If you see an Entity you'd like to scope out in your Entities view; you can set it out of scope directly on the page.