Detectify launches open source security tool for ethical hackers

Report this content

New offering brings research-driven vulnerability scanning to open source community

STOCKHOLM - May 18, 2021 - Detectify, the SaaS security company powered by ethical hackers, today announced the general availability of Ugly Duckling, a stand-alone application security tool specifically tailored for ethical hackers to make it easier for them to share their latest findings.

Finding web vulnerabilities as soon as they emerge - before attackers exploit them - is critical to stay on top of web application security. The Ugly Duckling speeds up the incorporation of vulnerabilities found by ethical hackers into automated security tests on Detectify's platform by giving hackers the tools to create more test modules independently. 

Upon finding a vulnerability, the ethical hacker can write a module as a JSON file and test it out in Ugly Duckling, to validate that it works. Detectify then implements the JSON file on their platform, scaling the quality-checked findings to thousands of application owners and security teams. Using Ugly Duckling, vulnerability findings can run live as security tests within 5-10 minutes after they have been submitted. It’s a win-win: security and engineering teams can stay up to speed with the latest exploitable vulnerabilities found in the wild, while the ethical hackers can get paid faster.

Ugly Duckling uses a custom JSON-based template format to describe the vulnerabilities. It detects "stateless" vulnerabilities, i.e., vulnerabilities that can be identified with a single HTTP request, analyzing the response that comes back. 

Detectify crowdsources the latest security research from ethical hackers and delivers it to security engineers and application owners as payload-based tests, enabling them to continuously scan their applications for vulnerabilities.

Pricing and Availability
The Ugly Duckling vulnerability scanning tool is open-source and MIT-licensed on Github. Consistent with the company's belief in approaching security in a collaborative way, the Ugly Duckling web scanner is not exclusive to ethical hackers in Detectify's Crowdsource network, but available for anyone to use for bug bounty hunting, security research, or penetration testing. For more information, please visit Detectify Labs.

Comments on the News
"Vulnerability research is often a time game. With Ugly Duckling, we can get quality-checked research from our hackers sooner, allowing for more vulnerabilities to be released as tests before the vendor has patched them. This means better protection for customers and higher payments for the hackers," says Tom Hudson, Security Research Tech Lead at Detectify.

"To build safer web apps, security needs to be a collaborative effort, and knowledge about it needs to be accessible. The stand-out feature with Ugly Duckling is that the code is simple and MIT licensed, so you can use it as a jumping-off point to build your own custom scanner," continued Hudson.

Supporting Resources

For more information, please contact: 

Fredrika Isaksson
PR Manager
+46 (0)76 774 96 66
fredrika.isaksson@detectify.com

Reagan McAfee
Offleash for Detectify
detectify@offleashpr.com

About Detectify
At Detectify, we believe that world-class cybersecurity knowledge should be accessible to everyone. Detectify automates the latest security findings from leading ethical hackers and brings it into the hands of security defenders and web application teams. Powered by a network of handpicked ethical hackers, Detectify’s security solutions check your application beyond the OWASP Top 10 and helps you stay on top of threats in the cloud.