Detectify VS Depfu

Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! Will identify which ports you have open. Source: 6 months ago

Detectify | Community Manager, Crowdsource | REMOTE (Offices in Boston, US & Stockholm, Sweden. We help with relocation if wanted) https://detectify.com/ We are a cyber security company in the industry, and more specifically the EASM (External Attack Surface Monitoring) space by automating and scaling the knowledge of hundreds of ethical hackers through our SaaS platform. Currently through our unique to Detectify... - Source: Hacker News / over 2 years ago

A concept-level idea would be this: 1) For your staging/UAT environment pipeline stages, add a "DAST scan" step, eg. With Detectify (which also has an API accommodating this need) 2) I'd assume, independently from the DAST scan, you ran some tests on UAT. Allow the scan to complete during the time it takes to run your UAT tests. After that, you'll get a report (automated or not) from your scanner. 3) When... Source: almost 3 years ago

Subdomain takeover was pioneered by ethical hacker Frans Rosén and popularized by Detectify in a seminal blogpost as early as 2014. However, it remains an underestimated (or outright overlooked) and widespread vulnerability. The rise of cloud solutions certainly hasn't helped curb the spread. - Source: dev.to / about 3 years ago

For everyone that has read my article about the demonstration of security flaws already knows how bad things can turn out, because a library has issues. If I would need to summarize this topic into one word: Log4Shell. The problem with 3rd party software is: When they mess up (security wise), your software can be affected. Luckily, often times libraries give their best to fix those exploits as quickly as... - Source: dev.to / over 1 year ago

Compounding factor #4: Dependency greening tools, like GitHub's dependabot, or the excellent alternatives depfu, and renovate will all send a PR whenever a new version of rubocop comes out, asking to upgrade from ancient to hot-right-now. While this is often a non-starter for a library, the repeated invalid PRs can be a time sink, and a distraction. - Source: dev.to / about 2 years ago

In terms of triggering upgrades, we have depfu/dependabot monitoring our dependencies for us. (Adopted depfu first, but dependabot is now baked into Github.) Its then a case of:. Source: about 2 years ago

For some time, I have updated the projects manually, however this became way too time consuming. Enter depfu, a free (for open source projects) service that keeps your project's dependencies up-to-date by proposing pull requests (PRs) whenever there's a new dependency version. Renovate is a similar service, and would work the same for the purpose of this tutorial. Depfu has made my life much easier – it... - Source: dev.to / about 3 years ago