Search Results
30 total results found
2. Common Vulnerabilities
A comprehensive list of Vulnerabilities often found by ReConfirm
1. ReConfirm Foundation
Development
Security Headers
CVE's
Platform Documentation
Dangerous Open Ports
A comprehensive list for commonly found Dangerous Open Ports by ReConfirm
ReConfirm Common Vulnerabilities
A comprehensive list of Vulnerabilities found by ReConfirm
Getting started with ReConfirm External Attack Surface Management (EASM)
To get started with ReConfirm EASM, you can read the following documents to get up to speed: ReConfirm EASM Documentation, Understanding Scan Results
Understanding Scanning results
What can we scan using ReConfirm
For comprehensive coverage, we recommend activating ReConfirm on the top-level domain (e.g., demodata.com) instead of individual subdomains (e.g., blog.demodata.com). This approach allows you to monitor all related and underlying assets more effectively. It ope...
Understanding ReConfirm Configuration
API - Webhook
ReConfirm External Attack Surface Documentation
Introduction and Overview About the ReConfirm External Attack Surface Management platform ReConfirm does: Comprehensive scanning of domain and network registration databases. Analysis of Internet DNS IP to hostname resolution logs. Passive browsin...
Coming soon
Table of Contents: Security headers
1. Access-Control-Allow-Credentials 2. Access-Control-Allow-Headers 3. Access-Control-Allow-Methods 4. Access-Control-Allow-Origin 5. Access-Control-Expose-Headers 6. Access-Control-Max-Age 7. Clear-Site-Data 8. Content-Security-Policy 9. Cross-Ori...
List of Dangerous Open Ports
Port: 21 Explanation: This port is used for FTP (File Transfer Protocol). Impact: This port sends its data over plain text, meaning that attackers can abuse this port to intercept and steal credentials. Mitigation: Close port 21 or use SFTP instead. ...
Understanding Vulnerability Scanning results
It's essential not only to identify vulnerabilities in your attack surface but also to provide you with the most effective information to resolve these issues. Depending on the severity of the vulnerability, you might want to address it directly once a vulnera...
Understanding Email Security Results
The Email Security section presents the results of security checks on key email authentication protocols, including DMARC, SPF, MX, and DKIM. This information helps users assess the email security configuration of the scanned domain, ensuring that measures are...
Understanding Similar Domains Results
Similar Domains: The listed domains closely resemble the scanned domain in text or pronunciation. It is crucial to monitor these "lookalike domains," as they pose significant risks to your organization. Lookalike domains are often used by malicious actors to ex...
Understanding Associated Domains Results
The "Associated Domains" section provides a list of domains that are either connected to the scanned domain or have been seen interacting with it in various capacities. Monitoring these associated domains is crucial as they can give insights into your organiza...
Understanding Assets Scan Results
The scan results provide a comprehensive list of assets that are directly associated with the initial scanned domain. These assets include subdomains, IP addresses, open ports, and the technologies used on these services. Monitoring these assets is essential f...
Understanding Credential Leaks Results
The "Credential Leaks" section provides information on email addresses associated with the scanned domain that have appeared in known data breaches. Monitoring credential leaks is crucial for understanding potential security risks and taking action to protect ...
Understanding Subdomains Results
Subdomain Scan Results The Subdomain Scan provides a comprehensive overview of the subdomains associated with the scanned domain. Monitoring subdomains is crucial as they often host various services and applications that can be potential targets for attackers...
Understanding Inactive Subdomains Results
The Subdomains - Inactive Results section highlights subdomains that are either currently unresolved or offline. Monitoring these inactive subdomains is crucial for understanding potential risks and managing your organization's attack surface. Even though th...
Understanding SSL/TLS Information Results
The SSL/TLS Information section provides a detailed overview of the SSL/TLS certificates used by the subdomains of the scanned domain. SSL/TLS certificates are crucial for securing data transmitted between a user's browser and the server, ensuring data integ...
Understanding Scan Configuration
To Do: Scan configuration General Scan configuration scheduling scans Saving a configuration into a scan profile Recommended scan configuration by ReConfirm Explainer of Jargon.
Understanding Scan Profiles
Secure Software Development Lifecycle (SSDL) Statement
At ReConfirm, we are committed to integrating security into every phase of our Software Development Lifecycle (SDLC). Our Secure Software Development Lifecycle (SSDL) approach is designed to identify, mitigate, and address security risks from the initial sta...
Webhook Implementation Documentation
Introduction This document provides technical details for integrating your system with our webhook service. The webhook operates over SSL and requires a bearer token for authentication. Once set up, it will send all scan results to your specified endpoint in ...