Engineering Better Asset Discovery: Beyond Open Source Tools When building critical security infrastructure, the foundation matters. While open-source tools provide valuable building blocks, complex challenges like DNS wildcard detection require purpose-built solutions.

The Evolution of Enterprise Architecture and Asset Discovery Modern enterprise infrastructure has evolved significantly. Today's environments are cloud-distributed, protected by Web Application Firewalls, and delivered through Content Delivery Networks.

Safe Automation: The Hidden Challenge in Security Testing 🛡️ A key insight from our Surfacing Security podcast: Organisations face two major hurdles with security automation. Let's break down why the skill gap remains such a persistent challenge...

The Signal-to-Noise Challenge in Attack Surface Discovery continues to vex security teams in our increasingly complex digital environments. The real challenge isn't just finding everything - it's finding what truly matters for your security posture.

Scaling Security Depth: Why Detailed Analysis Matters More Than Ever A key insight from our Surfacing Security podcast: The power of deep analysis isn't just in what it finds - it's in how it scales. The traditional view that deep analysis can't scale efficiently? That's being turned on its head.

The Evolution of Attack Surface Management: From Idea to Innovation 🚀 Years before ASM became an industry buzzword, we identified a crucial gap in security: the need to continuously monitor EVERYTHING across an attack surface.

The Reality of Security Research and Remediation 🔍 Finding vulnerabilities is just the beginning. The path to effective remediation is longer than most realise...

Redefining Attack Surface Management: Beyond Asset Discovery In our latest Surfacing Security episode, we challenge the conventional understanding of ASM and explore its true potential - because ASM isn't just about asset discovery, it's about what you do with that information.

𝗦𝗽𝗲𝗲𝗱 𝗮𝗻𝗱 𝗦𝗰𝗮𝗹𝗲 𝗶𝗻 𝗔𝘁𝘁𝗮𝗰𝗸 𝗦𝘂𝗿𝗳𝗮𝗰𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 What happens when you combine comprehensive attack surface visibility with continuous monitoring?

Beyond Data Collection: The Missing Piece in Attack Surface Management A key insight from our latest podcast: The security industry has a data obsession, but data alone doesn't protect your organization. The traditional approach of bigger wordlists, faster tools, and wider scanning isn't enough.

Last month, our Security Research team discovered and disclosed a critical pre-authentication RCE in CraftCMS (CVE-2024-56145). You can read our blog post on the issue here: assetnote.io/resources/re... #attacksurfacemanagement

Hidden in Plain Sight: The Cloud Security Challenge 🔍 Modern cloud infrastructure is transforming how applications are deployed. But it's also creating massive blind spots in traditional security scanning.

For 6 years, we've built something different: A platform where security research drives our exposure discovery engine, not just CVE matching.

Our security research team reverse engineered the patch for CVE-2024-8534. A memory safety vulnerability leading to memory corruption and Denial of Service in Citrix NetScaler. Read our research here: www.assetnote.io/resources/re...

Shadow IT and hidden vulnerabilities create major blind spots in security programs. Our Surfacing Security podcast reveals why traditional assessment tools fall short and what modern security teams are doing about it.

In the evolving world of #AttackSurfaceManagement, it's not just about discovering assets - it's about turning visibility into actionable intelligence. Our Surfacing Security Podcast explores the shift from traditional foot-printing to modern, automated solutions.

🎯 Attack Surface Management Must Cover Modern Environments Over the last 10 years, Attack Surfaces have evolved. With SaaS, CDNs and Cloud Platforms, the IT environment has expanded significantly.

🎯 ASM is more than asset discovery. It's about real-time awareness, scale, and actionable visibility. Turn insights into security improvements.

🔍 Modern cloud infrastructure with WAFs, CDNs, and virtual hosting creates blind spots in scanning. Time for a modern #AttackSurface mapping. 🎧 Listen to Surfacing Security Spotify: https://buff.ly/3BFRth2 Apple Podcasts: https://buff.ly/3TTe6F3 YouTube: https://buff.ly/3ZfTb28 #CyberSec #ASM

Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...