Offensity Отзыв

Offensity is an automated vulnerability scanner helping IT admins identify vulnerabilities by scanning infrastructure from the Internet. The service focuses on ease of use and minimizing human effort. You will be set up in minutes: IT admins enter and verify the main domain (e.g. example.com). Additional subdomains will be suggested automatically. Scanning starts. That’s it. Offensity is easy to handle and precise in ranking your vulnerabilities by risk. ON AVERAGE OF 40 NEW SECURITY VULNERABILITIES ARE PUBLISHED EVERY DAY. Vulnerabilities in email servers, web apps, CMS and VPN software: a daily growing list that allows hackers to gain access to companies' systems. SMALL CONFIGURATION ERRORS MAKE CRITICAL INFORMATION VISIBLE TO THE OUTSIDE WORLD. The media regularly reports on hacked companies and lost customer data. The technical errors are usually trivial: a misconfigured firewall rule making confidential data (SQL Server, ElasticSearch APIs, Redis) accessible. A publicly accessible and unpatched MySQL admin instance. A small bug in the deployment script putting the application source code online and containing sensitive passwords. "Test123" being the password. Offensity is good at: - Finding internal services and open ports that would be better left inaccessible. - Permanently reviewing and testing new exploits. Evaluating your risk and ensuring your IT team is not taken by surprise. - Detecting outdated and exploitable server software. Fingerprinting your systems and checking for common exploits. Custom fingerprinting engine for popular CMS solutions (WordPress, Typo3, Drupal, Joomla, PHPMyAdmin and many more). - Finding hidden files (config, backups, logs, ...) and endpoints not intended for the public. Running our custom crawler technology and applying common URL patterns against your websites. - Finding weak credentials of your users: SSH, Telnet, FTP, SQL, web forms and many more. - Automatically searching and finding vulnerabilities in your web applications (SQL Injections, Cross-Site Scripting, Server Side Template Injection, Remote and Local File Inclusion Tests, ...) - Highlighting weak security configuration in servers. Searching blocklists for your IP addresses. Checking DNS settings and SSL configuration for security best practices.