A main benefit for our customers is that they do not have to select, execute and interpret highly technical security tools and their outputs. We distill the essence of relevant information regarding your security and provide it in a well-readable form.
Still, we are often asked what we actually do and use "under the hood". Besides some custom scanning software, we use various open-source tools and heavily rely on publicly available resources and information.
Detection of your infrastructure
For detecting your subdomains and externally reachable infrastructure we use the following techniques:
- DNS information
- Certificate Transparency Logs
- Passive DNS
- DNS Zone Transfer
- Brute Force
How we detect risks in your systems
- We conduct port scans and service detection using masscan and nmap and report risky services.
- We try to get access to your systems via common or default passwords for various services, such as FTP, SQL, etc using custom password lists.
- Therefore we run multiple honeypots to collect passwords attackers use in the wild.
- Further vulnerabilities in your network infrastructure are detected by network vulnerability scanners and modules.
- Your web server security is checked by our web server scanning modules.
- We search for critical or unwanted files on your web server.
- A custom fingerprinting tool detects outdated content management systems (CMS) on your web servers (currently supported: WordPress, Drupal).
- We check DNS security setting for your domains.
- We assess the security of your SSL configuration.
- We monitor and acquire public data leaks to detect the leakage of your credentials.
- We check whether your DNS provider is protecting you from unwanted DNS zone transfers.
- Some companies are leaking information via Google Groups. We verify you don't.
- We check if your IP addresses or domains show up on major blocklists.
Our scanning software is under heavy development and continuously extended.