Sat 01 April 2023
Attack Surface Enhancements
We've made a long list of changes to improve the experience of detecting and navigating your attack surface.
Here are just some of the cool new features:
- Narrow down on any asset using the filter button and access its direct asset connections or even its 2nd and 3rd connections. This feature helps us understand how the attack surface discovery detects new assets. A great example is a user with his work email registering multiple new domains that weren't tracked anywhere before. You know yourself, John from Marketing 🙂.
- Addition of powerful new search features like searching by multiple ownership types or excluding assets matching a search pattern.
- Convenient quick action buttons to trigger a scan or add a monitoring rule. If you are curious about that asset's vulnerabilities, just hit "Quick Scan".
- Bulk asset import makes it a breeze to add many assets by simply uploading a CSV file.
- Access asset data directly from the attack surface graph with information such as DNS Records, open services, used libraries, Whois data, in-use certificates, and much more.
A deeper look at your Mobile Applications Attack Surface.
Attack surface is not just about domain names and IP addresses, especially if you are a mobile-first company.
Ostorlab’s attack surface now detects and tracks mobile applications' attack surface, be it what is the app exposing, what dangerous features is it using, what libraries are used and most importantly tracking their changes and when they are changed. It will even list all backend systems and indicate their geographical location.
Mobile Scan Summary
Our latest work includes a new scan insights feature with a summary of scan reports and actionable feedback on how to improve the security of your app. Augmented with attack surface data, the report provides useful insight into the impact of the identified issues.
Faster Scans 🏎🏎🏎
If you have been using the platform for a while, you might have noticed that scans run faster, much faster. This has required a substantial amount of engineering effort to increase speed without sacrificing quality. This is only the first step toward achieving a full scan completion in under an hour which we aim to achieve before the end of this year.