Announcing New Features in Attack Surface Reduction

SecurityTrails Blog - A podcast by SecurityTrails

Today we are happy to introduce the new Explorer Tab for ASR. This new version redefines the concept of asset exploration, providing even more detailed information about any of your digital assets, to help you perform attack surface data analysis in a much better way.

Look for the new 'Explorer' tab

Take a look at all the new and exciting capabilities included within this upgraded version of our ASR Explorer. This release contains several improvements, including:

- Better visual web app identification with the use of home page screenshots.
- Extended infrastructure detection capabilities such as WAF detection and Backend Technology mapping, and more!

If this summary is as exciting for you as it is for us, please join us in the following sections where we briefly showcase each of the most interesting new features ready for you to test!

Technology Detection

This new version includes access to Technology detection, particularly important concerning backend technologies running on the remote host, along with their versions. This new analysis feature helps you build a technology profile, showing you what websites are built with, such as CMS, application servers, frameworks, e-commerce platforms, JavaScript libraries, and much more, as you can see from the above screenshot.

Screenshots

In a separate tab, to the right of the host list, you'll find a 'Screenshots' option. This new feature allows you to visualize screenshots of all assets in an extensive way, as shown here:

Additionally, it's also possible to see the different screenshots by looking at the Explorer tab’s main dashboard and hovering over the listed open ports highlighted with a white sheet. Once that's done, a screenshot snippet will appear next to the position of your pointer, which will provide you with a home page visual preview.

WAF Detection

WAF Detection helps security researchers during the application discovery and software identification phase and serves well to keep an eye on how many of your assets do or do not have any WAF to protect them.

Which WAFs can be detected?

ASR can detect almost any kind of WAF, and just to mention some of the more popular ones, they include: Cloudfront, Cloudflare, AWS Elastic Load Balancer, Cache Wall, Incapsula, Kona Site Defender, DOS arrest, Zenedge, Big-IP Local Traffic Manager, Net Scaler App Firewall, Wordfence, and many other commercial and generic WAFs.

Summary

With these new features in ASR Explorer, organizations can gain even more visibility over the status of their digital assets in a quick and centralized manner, covering previous asset data from our original 'Explorer' version while adding new and critical information about server technologies and software versions, as well as useful crawling details.

Take advantage of this bold new infosec feature, get a clear picture of all your assets and begin securing your IT infrastructure as quickly as possible. Request access to ASR today.