Contact Sales
Detectify EASM platform
  • Platform overview

    An overview of how Surface Monitoring and Application Scanning work together to form our EASM platform

  • Surface Monitoring

    Our product that offers continuous monitoring of known and unknown Internet-facing assets

  • Application Scanning

    Our product that runs in-depth and unlimited scans on web applications for deeper coverage

Solutions by use case
Solutions by industry
  • Technology

    Solve common challenges faced by technology organizations

  • Consumer packaged goods

    Get more visibility and control over your digital products

  • Media & Gaming

    Manage digital transformation and secure what you're hosting in the cloud

  • Public Sector

    For agencies, higher education, and European governments

New e-book: How EASM is outpacing DAST for AppSec teams Start 2-week free trial
Watch a demo Talk to sales
Detectify Crowdsource
  • What is Crowdsource?

    How Detectify customers benefit from our community of elite ethical hackers

  • Meet the community

    Meet some of our ethical hackers who come from all corners of the globe

  • Leaderboard

    See which ethical hackers are leading for the quarter, year, and all time

FOR ETHICAL HACKERS
  • Join Crowdsource

    Ready to join? Solve our Crowdsource Challenge and become part of our community

Start 2-week free trial
Watch a demo Talk to sales
Resource Center
  • All resources

    Explore case studies, webinars, e-books, whitepapers and videos

  • Case studies

    Learn how Detectify is an essential tool in these customer stories

  • Webinars

    Webinars and recordings to level up your EASM knowledge

  • E-books & Whitepapers

    Browse and download e-books and whitepapers on EASM and related topics

  • Events

    Register and browse for both online and in person events and webinars

  • Detectify Blog

    Read the latest product updates, news, industry insights and best practices

  • E-books & Whitepapers

    Browse and download e-books and whitepapers on EASM and related topics

  • Events

    Register and browse for both online and in person events and webinars

  • Detectify Blog

    Read the latest product updates, news, industry insights and best practices

Trending Topics
Start 2-week free trial
Watch a demo Talk to sales
Products & Solutions Resources Crowdsource Partners Pricing About us
Products & Solutions
Platform overview Surface Monitoring Application Scanning
Solutions by use case Attack surface protection Prevent subdomain takeover Scaling organizations
Solutions by Industry Technology Consumer packaged goods Media & Gaming Public Sector
Start 2-week free trial
Watch a demo Talk to sales
Crowdsource
Detectify Crowdsource What is Crowdsource? Meet the community Leaderboard
For ethical hackers Ethical hacking with us How Crowdsource works Detectify Labs
Start 2-week free trial
Watch a demo Talk to sales
Resources
Resource Center All resources Case studies Webinars E-books & Whitepapers Events Detectify Blog
Trending Topics External Attack Surface Management Common attack vectors
Start 2-week free trial
Watch a demo Talk to sales

Continuous monitoring for Log4j vulnerabilities

Detectify now checks for the critical and actively exploited Apache Log4j vulnerability CVE-2021-44228, a.k.a. Log4shell. Customers can start scanning their assets straight away. New to Detectify? Start a trial today and get unlimited scanning for 2-weeks.

Log4j illustration

How has the Log4j threat impacted software?

The CVE-2021-44228 Apache log4j RCE vulnerability allows an attacker, who can control log messages or log message parameters, to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Some of the software identified as potentially vulnerable includes solr, druid, flink, struts2, logstash, redis, elasticsearch, kafka, pulsesecure, spark, and tomcat.

Crowdsoured security is a must

Thanks to our ethical hacking community, Crowdsource, we’ve received a variety of proof-of-concepts with valid payloads for CVE-2021-44228 Apache log4j RCE, and Detectify customers continue to benefit from the growing testbed for better coverage over this critical vulnerability.

How extensively does Detectify check for Log4j vulnerabilities?

Detectify Surface Monitoring sends payloads to request headers and URLs (in some cases, query parameters too). We currently send over 20 malformed requests for the Log4j vulnerability in our customers’ assets (including GET request parameters in some tests). When we send a payload and observe something trying to resolve on a domain, we produce a vulnerability finding.

Vulnerabilities we scan for:

  • CVE-2021-44228: Log4Shell (log4j) RCE
  • CVE-2021-45046: Log4Shell (log4j) Bypass RCE
  • Apache OFBiz Log4Shell (log4j) RCE
  • Apache Solr Log4Shell (log4j) RCE
  • Apache Struts2 Log4Shell (log4j) RCE
  • Mobileiron Log4Shell (log4j) RCE
  • Tableau Log4Shell (log4j) RCE
  • VMware Horizon Log4Shell (log4j) RCE
  • VMware vCenter Log4Shell (log4j) RCE

See our blog post for more information.

In Application Scanning, customers have access to all of the above and more. Detectify scanning engines crawl customer applications followed by extensive fuzzing of all parameters, such as cookies, JSON keys, and query parameters. We also send payloads in certain events, such as an error. If we receive a DNS pingback, a vulnerability finding is triggered.

Please note: due to the evolving nature of the situation, we may change how we scan for Log4j.

Check for log4j vulnerabilities

Start vulnerability testing to find exploitable anomalies across your attack surface with a free trial of Detectify.

Start 2-week free trial

Or would you rather speak with an expert?

Schedule a demo