Based on our record, Private Packagist should be more popular than Detectify. It has been mentiond 7 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
I was told in another forum to look at Private Packagist... But how is that different? Instead of installing packages from packagist.org.. You pay to Packagist.com to do the same thing? You just download from packagist.com cloud instead of packagist.org? Source: almost 2 years ago
We have a private Satis instance. Our ITSec team reviews all packages before we add them to Satis. Packagist.com is available for us but the CI-CD servers can reach only the private Satis. Source: almost 2 years ago
Https://packagist.com maybe tell them about a local packagist install. Source: almost 2 years ago
"[MANAGER] requested this to be done in PHP. You as IT will know that most modern programming and scripting languages work only with packaging software properly. Composer sends requests (majority of cases) to packagist.com and to github.com. It will add thousands of hours to do everything that composer does manually. Please sign here to authorize the usage of 4000 hours and the possible delay of 4000 hours.... Source: almost 2 years ago
Another downside that only really exists with non-PHP boilerplates is getting updates isn'T as easy. With PHP we're able to use packagist.com and make our code available via composer. Other languages don't have this so SaaS Pegasus provides zip downloads and Gravity provides access to a GitHub repo. This means you have to apply bug fixes yourself. With Parthenon, you do composer update and you'll get the latest... Source: about 2 years ago
Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! Will identify which ports you have open. Source: 7 months ago
Detectify | Community Manager, Crowdsource | REMOTE (Offices in Boston, US & Stockholm, Sweden. We help with relocation if wanted) https://detectify.com/ We are a cyber security company in the industry, and more specifically the EASM (External Attack Surface Monitoring) space by automating and scaling the knowledge of hundreds of ethical hackers through our SaaS platform. Currently through our unique to Detectify... - Source: Hacker News / over 2 years ago
A concept-level idea would be this: 1) For your staging/UAT environment pipeline stages, add a "DAST scan" step, eg. With Detectify (which also has an API accommodating this need) 2) I'd assume, independently from the DAST scan, you ran some tests on UAT. Allow the scan to complete during the time it takes to run your UAT tests. After that, you'll get a report (automated or not) from your scanner. 3) When... Source: almost 3 years ago
Subdomain takeover was pioneered by ethical hacker Frans Rosén and popularized by Detectify in a seminal blogpost as early as 2014. However, it remains an underestimated (or outright overlooked) and widespread vulnerability. The rise of cloud solutions certainly hasn't helped curb the spread. - Source: dev.to / over 3 years ago
Satis - Satis is a simple static Composer repository generator
Burp Suite - Burp Suite is an integrated platform for performing security testing of web applications.
Artifactory - The world’s most advanced repository manager.
Intruder - Intruder is a security monitoring platform for internet-facing systems.
Sonatype Nexus Repository - The world's only repository manager with FREE support for popular formats.
Websecurify - Websecurify free and premium security tools automatically scan websites for vulnerabilities like SQL Injection, Cross-site Scripting and others