Release: Improved PDF report and new WordPress vulnerabilities – 10 minute mail

We are continuously developing our scanner and service. In the latest release we have added a new improved PDF report which now has an executive summary. We have also added a couple of new vulnerabilities for WordPress.

New improved PDF report

Export full report or just executive summary

The new PDF report has been released, giving you the ability to export the findings and share them with your colleagues. You can also export an executive summary that gives you an understanding of your security status in a comprehensible format.

Export is located at the top right in the report

You find the export button in the top right corner of your dashboard.

New vulnerabilities added for WordPress

We have added a couple of new vulnerabilities for WordPress to the scanner. This is part of our continuous improvement and we are constantly looking out for new vulnerabilities.

We hope that these new features will serve you well. If you have any feedback on our new release or ideas for new features do not hesitate to tell us, either in the comments below or at [email protected]

Happy scanning!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Release – Now available to accept risks for future reports – 10 minute mail

New feature: Accept risks for future reports

Now you can select vulnerabilities to mark as accepted risks, if you don’t want to be notified about them every time you scan.

If, for example, you’re already aware of a vulnerability, or if you think it’s not actually a risk, you can mark it as a false positive or acceptable risk, and it will no longer be flagged as a vulnerability when you run a scan (unless you change the status manually).

Go check it out here and Go hack yourself!

The Disposable mail Team


[Release] New modules | Disposable mail Blog – 10 minute mail

Security never stands still, which is why we update our service on a regular basis to help you keep up with the latest vulnerabilities. We are constantly working on updating and improving our modules, but you can find some highlights from this week’s update below.

WordPress vulnerabilities

* Added WordPress theme colorway XSS

Other updates

* Added highlight to VBS XSS findings
* Added more DBMS regex patterns (SQL Error & SQL Injection)
* Added CVE-2016-0957 Adobe CQ5 authentication bypass

If you have any questions about what vulnerabilities we test for and how we update our service, don’t hesitate to reach out by emailing support [at]detectify.com.

Happy scanning!
/The Disposable mail Team


[Release] New dashboard and billing – 10 minute mail

This week’s release brings a completely overhauled dashboard and billing, giving you a clear overview of your scan profiles’ security status and your team’s billing details.

Dashboard

The dashboard now includes a list of all scan profiles with an overview of the findings discovered during the latest scan. By clicking on the last scan date, you can quickly access the latest report. If you’d like to see an overview of your scan profile’s security status over time, simply select it to take a closer look at the findings.

Your domains and scan profiles are now accessible through the top menu under Domains & Profiles.

Billing

The billing page allows you to access and update billing information and history for all your teams. You can find subscription details by clicking on the name of your team in the team list.

Your complete Billing History (including all teams) is now available at the bottom of the Billing page.

Happy scanning!
//The Disposable mail team


[Release] Check if your website passes the OWASP Top 10 test! – 10 minute mail

Ever wished there was an easy way to see if your site is vulnerable to any of the vulnerability categories on the OWASP Top 10 list? The latest addition to the Disposable mail tool allows you to do just that! Our new OWASP view provides a quick and easy way to check whether your site passes or fails OWASP Top 10 tests.

To take a look at the OWASP view, select your scan profile, then click on “OWASP Top 10” under Reports.

Below the graph of your progress over time, you can find a list of all OWASP Top 10 vulnerabilities. The categories your scan profile passed are marked with green check marks and those failed are marked with red. You can dig deeper into the categories your scan profile is vulnerable to by selecting “View findings”.

Above the list, you can see your overall OWASP Top 10 score that shows you how many of the 10 tests your scan profile has passed. Please note that not all OWASP categories are equally critical; for example, failing the injection test is still a serious security risk even if your site passes all other 9 tests.

If you’re curious about a specific OWASP category and wish to learn more, click on the link to visit our blog for code examples and remediation tips.

Happy scanning!
/The Disposable mail Team

 


Hello Crawler 2.0! How we improved our core service and what this means for your scan results – 10 minute mail

If you follow our blog, you might have already seen an announcement introducing our updated core service with a new crawler. More reliable, more thorough, more deterministic, and with better coverage – sounds great, but what does it all mean? Find out how our engineers, who aim to build the world’s best and most thorough security scanner, have brought to life a new crawler that gives you even better results and helps you stay safe.

Why it was time to say goodbye to the old crawler

Natasha Lazarova, software engineer

The crawler is where the fun begins; after gathering basic information, we crawl your website to identify the pages that will be tested. The quality of the entire scan depends on whether the crawler does its job well, so we wanted to improve crawling consistency and avoid duplicates. Because today’s web is not as static as it was in the past, our goals were to offer better JavaScript support and page filtering mechanisms.

The old crawler has served us well, but it was time to move on and build a crawler that is better-suited to our customers’ needs. Our software engineer Natasha Lazarova, who has been working on the crawler since April, says: “We started building the new crawler in spring, so it’s a result of more than half a year of hard work. It’s great to see that it’s performing well and that it has improved the quality of the entire service.”

 

Enter our shiny new crawler! What’s new?

Smart page filtering. This may very well be the biggest asset of the new crawler! How does it work? By looking at a few key metrics, for example client state (cookies and other storage), DOM structure and JavaScript, we can filter pages properly. The smart page filtering has cut scan times, which is why your scan might take less time than it used to. Don’t worry, we are still carefully combing through your site; a shorter scan time simply means that smart page filtering is working its magic.

Visual representation of our crawler in action

Improved JavaScript rendering support. We have drastically improved our JavaScript coverage, which means we can now render dynamically created DOM structures. Natasha explains: “Thanks to JavaScript rendering, we can now crawl corners of your website that we couldn’t crawl before.” Sorry Crawler 1.0, but this is something you simply couldn’t handle!

High level of configurability. The new crawler offers a bunch of new configuration options that we will be rolling out in the future for our power users. This includes options related to cookies, headers, connection timeouts, JavaScript timeouts, and allowing crawling actions (buttons, forms, links, etc.).

Improved crawl consistency. Consistent crawls are crucial for high quality scan results. “The crawling is now done sequentially, which makes it more consistent. Unless you have changed something on your website, two consecutive crawls should be the same,” Natasha says.

What’s next?

Now that the new crawler is up and running, Disposable mail’s engineers are working on optimizing other parts of the scanner: “The goal is to continuously work on making the scanner faster, produce better results and test for more vulnerabilities. We are also focusing on providing a higher level of transparency, such as the OWASP Top 10 view, where you can see how many tests you have passed or failed.”

Before we released the new crawler, it was available as a beta feature and tested by our awesome customers who kindly provided us with feedback. We would like to thank everyone who gave the new crawler a try while it was still in beta!


Improved finding details view and new Crowdsource tag – 10 minute mail

Findings are a key component of our service, which is why we decided the finding details view deserved a facelift. The improved finding details view offers more information about your findings as well as a brand new Crowdsource tag that shows you which modules were submitted to us by Disposable mail Crowdsource hackers.

What’s new?

Updated design

We have refreshed the look and feel of the finding details view, displaying the information you’re used to working with (such as Request and response headers, Details, and Resources) in a clear and structured way.

Threat score for every individual finding

The threat score that you probably recognise from your scan profile overview has now been added to the finding details for each individual finding. The score is based on the CVSS v2 scale and illustrates the severity of the finding, helping you structure your work with security and prioritise the most critical findings.

You can read more about interpreting the Disposable mail threat score here.

Crowdsource tag

Our ethical hacking platform Disposable mail Crowdsource allows us to work with some of the world’s best security researchers and we thought it only right to highlight their contribution to our service. This is now possible thanks to the new Crowdsource tag! If your finding was discovered by a module submitted to us by a Crowdsource hacker, you will see a purple “Crowdsource” tag in your finding details.

Do you have comments about our latest release or suggestions for a future update? Let us know!

Happy scanning!

The Disposable mail Team


New email notification settings | Disposable mail Blog – 10 minute mail

Wouldn’t it be great if you could receive an email notification from Disposable mail every time a new finding is discovered? We have good news for you – our latest release brings you this useful functionality! Based on the great feedback we received from our customers, we have updated the Disposable mail email notification settings, which now allow you to customise the content of the emails you receive.

What’s new?

You can now adjust email notification settings on your account page by selecting one of the following options:

No notifications
This setting allows you to opt out of email notifications from Disposable mail and can be a good choice if you log in on a regular basis or are using one of our developer tool integrations to stay up to date with your scans.

Scan notifications
This is the standard email notification setup that sends you an email when we finish scanning your scan profile. If you like being notified when a new report is available, but prefer checking out the details in the tool, this is the setting for you.

Custom notifications
This is where the fun begins! Enable this setting, then define email triggers (scan started/finished, high severity findings, medium severity findings, and new findings only) for each of your scans. If you’re working with multiple scan profiles, prioritisation is key and detailed notifications can save you a lot of time.

Set up custom notifications

To enable custom notifications, go to your account, select Custom Notifications and click on Save Settings.

Enable custom notifications

Head over to your scan profile, select Settings > Integrations, scroll all the way down to Email Notifications and specify the notification triggers for your scan profile. All set!

Adjust Disposable mail email notification settings for your scan profile

Please note that selecting multiple email triggers might generate a lot of emails. Changing email notification settings in Integrations will affect all users in your team, so remember to give your fellow team members a heads up before changing custom notifications.

Happy scanning!

The Disposable mail Team

We believe security should be easy to integrate into your workflow, which is why we are always looking for new ways to make the Disposable mail experience as intuitive as possible. If you have any feedback for us, go ahead and drop us a line. We’d love to hear from you!


The advanced graph – a new way to work with your findings – 10 minute mail

We’ve spent quite some time figuring out how we could make it easier for you to work with your Disposable mail findings. Working closely with some of our clients, we’ve developed a new graph that makes it easier to see what has happened between your scans over time.

Keep track of your findings with the advanced graph

It might look a bit scary at first but hey – don’t worry. In this blogpost we’ll guide you through the numbers and how to interpret them.

Basic Navigation

As usual, you can see the CVSS score of the vulnerability with the highest severity at the top of the graph and the dates of the scans at the bottom.

The new graph shows you a detailed overview of your Disposable mail scans

Finding severity categories and “Resolved”

In the square boxes you can find the different finding severity categories – high, medium and low. The number in each box represents the number of findings belonging to that category. At the bottom, there is a circle with the number of Resolved vulnerabilities for each scan. “Resolved” includes two types of findings:

Fixed: the number of findings tagged as fixed at a particular scan

Uncategorized: if you tag a finding as an “Accepted Risk” or a “False Positive”, it will show up here. Findings can also appear in this category if you have fixed vulnerabilities without tagging them as “Fixed”, or because the same finding could not be detected in two consecutive scans. The main reason for this is that the scope of the scan is too big, which causes our scanner to identify fewer findings. If you narrow down the scope of the scan (by, for example, breaking down your scan profile into multiple smaller profiles), we will be able to crawl your site more thoroughly and identify more security issues.

If you hover over the “Resolved” circle, you can see the exact number of “Fixed” and “Uncategorized” findings.

You can now see how many findings you have fixed in between scans

Findings Increment and Resolved

The small circles at the top of the square boxes indicate the increment or decrement (same as resolved) of findings for each category over time. The increment can consist of:

1) new vulnerabilities that we have released

or

2) new code that has been released on your end and is vulnerable.

The decrement, on the other hand, is the total number of resolved findings between two scans.

The old graph will still be accessible as the default graph in the tool. However, the new advanced graph can help you work more actively with security, so we recommend you give it a try! If you have any feedback on the advanced graph or questions about using it, feel free to drop us a line.

Happy scanning!

The Disposable mail Team
