Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime


Your data will stay confidential Private and Confidential

Security Blog
6 Terms on Machine Learning You May Have Heard of
August 1, 2019
State of Application Security at S&P Global World's 100 Largest Banks
July 10, 2019
The Age of the Supply Chain Attack
June 11, 2019
What We Learned from Infosecurity Europe 2019: GDPR, Budgets, and People Problems
June 6, 2019
Has GDPR Been Kind to You So Far?
May 28, 2019
News and press releases
ImmuniWeb® AI Introduces Rapid Testing and Report Delivery SLA for CI/CD
June 26, 2019
ImmuniWeb® Portal now offers 2FA OTP support
June 19, 2019
ImmuniWeb launches free website security and GDPR compliance test
May 29, 2019
ImmuniWeb named a Key Player on the AI in Cybersecurity Global Market
May 13, 2019
ImmuniWeb Launches Partner Portal
May 1, 2019
OWASP Top 10
OWASP’s #1 Web Application Risk - the Threat of and Solution to Web Application Injection Attacks
June 14, 2018
OWASP’s #2 Web Application Risk – the Threat of and Solution to Broken Authentication
June 21, 2018
OWASP’s #3 Web Application Risk – the Threat of and Solution to Sensitive Data Exposure
June 28, 2018
XML External Entities (XXE): the Threat of and Solution
July 5, 2018
OWASP Top 10: Broken Access Control, the risks and solutions
July 12, 2018
Security Misconfiguration, a conscious element of OWASP Top 10, the risks and solutions
July 19, 2018
XSS, a notable OWASP Top 10 old-timer, still brings up to $7,500 to researchers
July 26, 2018
Insecure Deserialization: OWASP Top 10 element of arduous exploitation but leading to system takeover
August 2, 2018
Components with Known Vulnerabilities - a major OWASP Top 10 Risk
August 21, 2018
Last but not least: OWASP Top Ten #10 - Insufficient Logging and Monitoring
August 14, 2018
Search Blog
#infosec #OWASP
#Risk Management #microservices
#Application Security #Cybersecurity #AI #DevSecOps

External Web Applications Discovery with Shodan and ImmuniWeb®

Wednesday, March 28, 2018 By Read Time: 2 min.

How many external websites, applications and (sub)domains does your company have? Compare free application discovery service by Shodan and ImmuniWeb® Discovery.


Vulnerable applications represent a huge risk for companies and organizations. One single abandoned subdomain, running an outdated WordPress installation, may open a door to successful APT attack against your company and compromise your digital crown jewels.

External Web Applications Discovery with Shodan and ImmuniWeb®

Shadow IT is one of the biggest sources of data breaches according to Gartner. In many companies, in-house and external developers unwittingly expose internal or applications in development (e.g. test environment) to the Internet, often with sensitive data and easily exploitable vulnerabilities. Many companies don’t even know how many of their applications are currently exposed to the Internet, let alone how (in)secure they are.

Cybercriminals on their turn run continuous monitoring for new apps and vulnerabilities. Once a public vulnerability appears for your CMS or CRM accessible from the outside, bad guys will start probing to exploit the flaw and takeover your web server. Worse, many cyber gangs will even patch the vulnerability to prevent their “competitors” from getting in.

Impending GDPR enforcement requires a comprehensive inventory and protection of Personally Identifiable Information (PII) that your company stores or process via a great wealth of intertwined applications, APIs and Web Services. This task becomes virtually impossible if you don’t have a comprehensive and up2date list of your web and mobile apps.

To help companies better identify and inventory their applications, we decided to compare [web] application discovery service offered by Shodan and ImmuniWeb® Discovery. Both services are available for free and provide commercial subscription for some extra options.

Being a reputable service, Shodan is a freemium OSINT search engine to look through all your publicly exposed devices, from network servers to specific IoT devices. ImmuniWeb® Discovery is a part of ImmuniWeb Application Security Testing Platform. It leverages intelligent algorithms and OSINT big data to detect external web and mobile apps attributable to your company or organization. Additionally, ImmuniWeb Discovery uses non-intrusive techniques to fingerprint CMS on the discovered applications. For every application, ImmuniWeb Discovery also assesses TLS encryption and web server security in a non-intrusive manner.

The comparison is based on publicly available data from Shodan and ImmuniWeb Discovery. For Shodan, we had to adjust the output format and remove some superfluous results (e.g. non-applications) for the purpose of the comparison. ImmuniWeb Discovery was tested directly via the customer portal.

We took five random organizations from completely different sectors, differentiating by size, complexity and scope of their external web systems. Below are the results obtained by non-intrusive OSINT discovery run by Shodan and ImmuniWeb Discovery:

openbsd.org

Shodan Total: 5
Total active servers: 2
Total web servers: 1
Total email servers: 1
Total dns servers: 1
ImmuniWeb Discovery Total: 112
Total active servers: 27
Total web servers: 25
Total email servers: 6
Total dns servers: 2

facebook.com

Shodan Total: 1882
Total active servers: 1419
Total web servers: 1416
Total email servers: 2
Total dns servers: 1
ImmuniWeb Discovery Total: 2309
Total active servers: 1859
Total web servers: 1854
Total email servers: 4
Total dns servers: 1

europa.eu

Shodan Total: 613
Total active servers: 542
Total web servers: 467
Total email servers: 74
Total dns servers: 18 		ImmuniWeb Discovery Total: 3728
Total active servers: 3345
Total web servers: 3227
Total email servers: 137
Total dns servers: 42

forbes.com

Shodan Total: 1
Total active servers: 1
Total web servers: 0
Total email servers: 1
Total dns servers: 0 		ImmuniWeb Discovery Total: 110
Total active servers: 62
Total web servers: 61
Total email servers: 2
Total dns servers: 1

wwf.ch

Shodan Total: 10
Total active servers: 7
Total web servers: 5
Total email servers: 3
Total dns servers: 0 		ImmuniWeb Discovery Total: 28
Total active servers: 23
Total web servers: 23
Total email servers: 1
Total dns servers: 0

For the purpose of this simple exercise, ImmuniWeb Discovery has significantly outperformed Shodan both by quality and quantity of the results. Nonetheless, we are continuously working on its algorithms to make them even more efficient and intelligent to eliminate the shadow in your IT.

To try ImmuniWeb Discovery for your organization, just sign-up on the Portal and explore your web and mobile apps (yes, we do detect mobiles apps too).


High-Tech Bridge Security Research Team regularly writes about web and mobile application security, privacy, Machine Learning and AI.
Tags: Application Discovery Application Inventory Shodan OSINT CMS Security Continuous Monitoring GDPR
Previous Blog Posts:

'Crypto jacking' cyber attacks up by 8,500 per cent

Tech firms are still ill-prepared for GDPR


User Comments
Add Comment

Quick Start
Products
Free Trial
Newsletter

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Accept