July Informer Platform Update

Informer External Attack Surface Management Platform Update

Last Updated on 29 July 2022 by Alastair Digby

Welcome to the July Informer External Attack Surface Management & Penetration Testing platform update.

Let’s take a look at the new features added this month.

New Feature: Redirect and Responsiveness Detection

We’ve been making a few changes to reflect assets that have scanning limitations based on whether they redirect or aren’t responsive.

You will notice some new fields in the Asset Detail view As well as the Environment List view

If you hover over the icon we’ve included some explanatory text to clarify what this means for users.

Where we find assets that do not respond to our scans or which redirect to other domains we mark them with the above icons.

Web application assets that do not appear to respond cannot have vulnerability scan frequencies set. This will allow you to clearly see what assets are being scanned and which are not because they are not responsive.

For assets that redirect, if they redirect to the same asset then they can be scanned. If not, e.g. https://subdomain.example.com redirects to https://newsubdomain.domain.com then that will be marked as a redirect and you will not be able to set a scan frequency on such a domain.

We will also shortly be adding identification of 3rd party parking sites as a further state for assets.

The detection is performed automatically and we are carefully monitoring the changes. If you think an asset has been given a status incorrectly please let us know and we can adjust as required.

New Feature: Hide Resolved Vulnerabilities Setting

We have added the capability for users to hide resolved vulnerabilities. This feature can be found on the “Account” page under “My Account”.

This will remove any resolved vulnerabilities from the Environment page, but they will still appear in reports unless you also select the option in the report profile creation.

When you create a new report there is an option to tick a check box to exclude any resolved vulnerabilities from your created report.

This setting is user specific so one user in your organization can have it selected without it affecting your view.

New Feature: Domain Assets

When you add a domain we find subdomains automatically. For example www.example.com when you add example.com.

Some users have “naked” domains that do not have subdomains that still serve traffic e.g. https://example.com

We have adjusted the platform so that when you add a domain e.g. example.com the asset “example.com” will be added as a child to that parent domain. This will allow you to scan for and see vulnerabilities on your root domain should it be serving traffic, as well as creating reports and alerts for that domain.

Previously customers had to contact support for this to be added, it is now fully automatic.