I got a notice from a marketing friend of mine that may point to the fact that GDPR forbids the use of Google Analytics. Google Analytics is one of the most widely used ways to identify traffic on websites, and the implications of its non-compliance are wide-reaching as not many ...

Read More

Python is often called “type safe” by people who aren’t aware of the fact that it is actually “duck typed” in the sense that if the variable ‘walks like a duck and talks like a duck, it must be a duck’. A variable can be injected with a string called NaN (which stands ...

Read More

At Bit Discovery, we often must walk both clients and potential clients through the rational objection to the idea of adding everything to their inventory and then testing everything that they find.  The concern is understandable – it’s expensive, creates duplicate workload, potentials for false positives grow, and any additional ...

Read More

Bit Discovery Raises $4 Million Series B as Attack Surface Management Gains Momentum

1. Over 2 billion Internet-connected assets are listening on ports 80 and 443, each most likely containing some number of vulnerabilities. Do the math. 2. Most companies remain unaware of the websites they own, what they do, or who is responsible for them. Obviously, you can only scan and secure what ...

Read More

On occasion, there will be an asset that slips through the cracks, and there is a wide variety of reasons for it. Not all assets are made equal, so while an asset may be missed, the ones that are missed are often the least important in terms of risk, but ...

Read More

One of the most powerful features within Bit Discovery is an often overlooked one – the HTML search. It is so simple, yet so powerful. It gives you the unique ability to “see” what is on each homepage within your environment without having to look at each page.  Think of ...

Read More

What if I were to tell you that an attack surface map can be more effective at finding critical vulnerabilities in some cases than a traditional network vulnerability scan? Crazy to think about, I know.  To understand why it is crucial, you must first understand that CVEs do not matter ...

Read More

I had the pleasure of talking to an IT Audit organization that had been using Bit Discovery extensively to protect themselves and audit external IT. When they mean external, they really mean companies they have either acquired or are about to acquire.  We usually don’t get a lot of insight ...

Read More

This post is the eighth and last of a short series of posts that we have dubbed “Attack Surface Mapping the Wrong Way,” showing the wrong ways that people/companies/vendors attempt to do attack surface mapping. In this final post, I will show the right way. The answer: Start with Everything So now ...

Read More