Edgewatch employs a system that continuously automates hundreds of tests and probes designed to assess the full coverage of your Attack Surface. While the list we provide offers a glimpse into our extensive testing regimen, it’s important to note that it represents only a fraction of the comprehensive checks we perform. We understand the importance of maintaining service integrity, so for any tests that have the potential to impact services, we ensure transparency. Users will be explicitly warned during the scan configuration phase, allowing for informed decisions about the execution of such tests.
Edgewatch integrates cutting-edge AI technology into our testing processes. This means that the tests applied to a given asset might vary in type or intensity based on sophisticated AI-driven decisions. Our system dynamically adjusts its approach, learning from the data and adapting to the unique characteristics of each asset. The benefit of this AI-enhanced process is that it allows for a more tailored and effective assessment. While traditional testing methods might take a one-size-fits-all approach, Edgewatch’s AI-driven tests are agile, adjusting in real time to ensure a thorough and optimized evaluation of your Attack Surface.
- Common Vulnerability or Exposure: Monitors known vulnerabilities in software, alerting organizations to potential unauthorized access or data theft risks.
- Name Server Configurations: Tracks potential DNS misconfigurations leading to domain hijacking, unintentional data disclosure, or vulnerability to phishing.
- TLS/SSL Configuration and Hardening: Surveys the Transport Layer Security setup, ensuring encrypted communications are safe from interception or tampering.
- Impersonating Domains: Detects domains mimicking legitimate ones, often used in phishing campaigns to deceive unsuspecting users.
- Expired SSL Certificates: Identifies out-of-date certificates, which compromise secure data transmission and undermine overall user trust.
- Unwanted Exposed Ports: Scans for unintentionally open ports, potential gateways for unauthorized access or system exploitation.
- Leaked Credentials on Darkweb: Searches the dark web for organizational login details, providing timely alerts against unauthorized access threats.
- Exposed Data: Pinpoints unprotected data repositories online, crucial to prevent unauthorized access, theft, or breaches.
- Technical Credentials: Checks for exposed API keys or tokens that might grant unintended system access or control.
- Phishing Campaigns: Monitors deceptive emails or sites mimicking the organization, aiming to steal valuable data or credentials.
- Misconfigured Cloud Storage: Detects public cloud storage that may inadvertently expose sensitive organizational data.
- Outdated Software and Libraries: Alerts on old software versions or libraries vulnerable to recognized exploits.
- Exposed Internal Interfaces: Finds internal systems or tools facing the public, potentially leveraged for deeper unauthorized access.
- Embedded Malicious Scripts: Scans for harmful scripts within web content, which can infect visitors or enable data theft.
- Weak Authentication Protocols: Detects systems using insecure authentication methods, a potential avenue for easier unauthorized access.
- Subdomain Takeover Risks: Identifies subdomains at risk of being claimed by attackers for malicious intent.
- Unencrypted Data Transmission: Monitors data transmitted without encryption, risking interception and compromise.
- IoT Device Exposure: Checks for publicly accessible IoT devices, often targets for unauthorized control or exploitation.
- Unpatched Web Applications: Flags web applications missing key updates, exposed to potential exploitation.
- Insecure APIs: Locates API endpoints lacking proper security, a risk for data breaches or unauthorized actions.
- Open Source Software Vulnerabilities: Monitors for risks associated with using vulnerable open-source software components.
- Man-in-the-Middle Attacks: Detects vulnerabilities that allow unauthorized interceptors between two parties, risking data interception or alteration.
- Exposed Backup Files: Scans for unintentionally exposed backup files which can be a treasure trove for attackers.
- Default Credentials on Devices: Alerts when devices are detected using default login credentials, an easy exploit for attackers.
- SQL Injection Points: Identifies vulnerabilities in web applications where malicious SQL statements might be inserted.
- Cross-site Scripting (XSS): Monitors for web application vulnerabilities where attackers inject malicious scripts to trick users.
- Exposed Admin Portals: Detects publicly accessible administrative interfaces that can be entry points for attackers.
- Orphaned Assets: Finds forgotten online assets still associated with the organization but no longer actively managed.
- Mail Server Misconfigurations: Monitors for email server settings that can be exploited for spamming or phishing attacks.
- Clickjacking Vulnerabilities: Detects web application vulnerabilities where attackers trick users into clicking something different from what the user perceives.
- Drive-by Download Sites: Monitors for websites pushing software downloads without user consent, often malware.
- Cross-site Request Forgery (CSRF): Scans for web application vulnerabilities where attackers trick victims into performing actions without their knowledge.
- Insecure Direct Object References (IDOR): Detects potential pathways where attackers can bypass authorization and access resources directly.
- Inadequate Session Expirations: Monitors for systems not properly terminating sessions, potentially allowing unauthorized continued access.
- Brute Force Attack Points: Identifies systems susceptible to repeated login attempts, risking unauthorized access.
- Unsecured File Upload Points: Checks for sites allowing unrestricted file uploads, potential avenues for uploading malicious content.
- Insecure Cookie Handling: Monitors for systems mishandling web cookies, risking session hijacking or user impersonation.
- Exposed Debug Information: Detects system outputs revealing internal workings, aiding attackers in crafting targeted attacks.
- Password Spray Attacks: Identifies systems vulnerable to attacks using common passwords against numerous user accounts simultaneously.
- Remote File Inclusion (RFI): Monitors for vulnerabilities allowing attackers to include remote files, often leading to code execution.
- Buffer Overflow Points: Checks for systems susceptible to overflowing buffers, allowing malicious code execution.
- DNS Amplification Attacks: Monitors for DNS configurations that can be abused for DDoS attacks.
- Server Misconfigurations: Detects servers running with insecure settings, potentially exposing them to various attacks.
- Network Infrastructure Vulnerabilities: Scans for weaknesses within the network architecture itself, from routers to switches.
- Legacy Systems Still Online: Flags old, unsupported systems still connected, often full of unpatched vulnerabilities.
- Insecure Wireless Configurations: Monitors for Wi-Fi setups using weak encryption or outdated protocols.
- Email Spoofing: Detects vulnerabilities allowing attackers to send emails appearing to come from a legitimate source.
- Hidden Entry Points: Scans for lesser-known gateways into the organization, often overlooked in regular security audits.
- Domain Expiration Monitoring: Alerts on nearing domain expirations, preventing potential hijacking or lapses in business continuity.
- Shared Third-party Dependencies: Monitors shared services for vulnerabilities, as one exploited service can affect multiple organizations.