We have recently released Out-of-band Exploitation Support, a new feature that will improve test coverage, the quality of scan results, and allow us to implement new types of security tests. Our backend developer Christoffer Fjellström explains why the feature is one of the highlights of last week’s release.
How does it work?
“Out-of-band Exploitation Support adds support for our modules to receive side-channel or out-of-band proof of exploitation in a reliable way. This is currently done by triggering a DNS lookup in the target system but other channels may be added in the future,” Christoffer says.
The new feature will not only improve existing security tests (such as Blind SQL tests), but will also broaden the scope of the findings security researchers submit to Detectify Crowdsource. “We can now implement submissions that rely on out-of-band communication in a reliable way,” Christoffer explains.
How will it affect my scan results?
Users will not see any major changes in their scan results following the release. Out-of-band Exploitation Support is a supporting feature that will improve the quality of scan results over time and reduce the number of false positives. Christoffer explains: “Some of our security tests will now generate fewer false positives. As more tests are implemented using Out-of-band Exploitation Support we expect you to get greater coverage and more reliable results.”