
AppSec, the New Generation: Introducing Probely's Discovery

As Nuno, my fellow co-founder and CEO, usually says, the first rule of a truly robust AppSec program is to have a very clear understanding of what your attack surface looks like. Meaning, you need to know what you have to protect in order to actually protect it: you can’t protect what you don’t know.

With the advent of the API Economy, and with new web apps being created every single day, keeping track of an organization’s portfolio, or inventory of APIs and web apps, could be a full-time job by itself.

With the emergence of composable apps and microservices architecture, APIs became the backbone of the applications we use day in and day out. Organizations build ever more complex apps, with a myriad of small APIs providing all of the apps’ functionality.

The low-code and no-code movements also spawned a new era of development for the tech-savvy without a strong background in app development, generally called citizen developers. So, security teams also had to start ensuring the security of applications that were not necessarily built following the strongest app development tenets and best practices.

Add to all that the fact that close to 100 new vulnerabilities are being reported every single day, and that there’s a cybersecurity incident happening every 39 seconds, and you’ll quickly realize how the odds are stacked against security teams. Not only do they struggle with keeping track of the inventory, they also need ways to make their programs scalable, whatever the size of their organization.

Because Nuno and I have been on the other side of the fence, we know the trials and tribulations of both development and security teams. When we created Probely, we knew exactly what we needed to provide to the market: the very tool we’d like to have had in our hands at the time, that would make our lives that much easier. And not overcomplicate the lives of our dev colleagues – because we’d also been developers ourselves we knew the impact of unnecessary noise, the strains of “alert fatigue”.

From the get-go, we wanted to offer organizations of all shapes and sizes a scalable, powerful, and customizable solution that would cover their AppSec needs.

Point and Shoot Asset Discovery

With Discovery, we’re taking an extra step: we’re adding to our industry-leading DAST solution and expanding it with a set of capabilities that make it an even stronger proposition. We want to enable organizations to uncover all of their unknowns, make them well known, and then PROBE them for vulnerabilities. (Guess you know now where the name Probely comes from, right?)

With the introduction of Discovery, Probely enables organizations to find, manage, and prioritize their inventory of APIs and web apps, to uncover their entire external attack surface.

Discovery achieves that by running an automatic and non-intrusive discovery of services and applications running in your infrastructure. As one of Probely’s design rules and tenets for automated security testing, the solution is as point-and-shoot as possible. All you have to do is provide the details to integrate with your Cloudflare (available right now) or AWS (coming soon) account to discover all your assets, and get a complete list of FQDNs and running services.

As soon as you add an infrastructure source to your account, Probely starts performing regular discovery scans to identify the assets that compose your external attack surface. You’ll instantly start getting valuable insights that can be used to filter through the information, and help you manage your assets, so your attention is focused on all the right things.

What sets Probely’s Discovery feature apart is the seamless integration with Dynamic Application Security Testing (DAST). As assets are discovered, you’ll get the choice to classify and prioritize the entire inventory of API and web apps for security testing. Not only that, with a single click you’ll be able to start scanning those assets for vulnerabilities.

As for the rest, we’re keeping on the same track of innovation and excellence, built on the shoulders of an amazing, world-class Engineering team (kudos for the delivery, team!). More news to come later this year, but we promise that we’re going to keep adding to our revolution of AppSec and DAST.

Discovery’s unveiling comes right on the heels of the RSA Conference – the premier cybersecurity event that brings together industry leaders, experts, and practitioners alike, to address the latest challenges and trends of the cybersecurity world. Probely’s participation in the event is a testament to our continuous commitment to innovation and to maintaining excellence in the field.

Eager to get your hands on Discovery? The quickest, and probably best, way is to just sign up for our 14-day fully-featured free trial. All new trials will have the feature enabled by default.

Or, if you’d rather get a demo first, fill in your demo request, and we’ll get back to you as soon as possible! If you’re at RSA, just come by our booth and we’ll give you a quick tour… and some cool swag, too.