Technology

Monitor the technology in use on your attack surface.

The Technology section gives you detailed information on platforms, applications, firewall services, and software that was identified during scanning, including frameworks, plugins and more.

Use Cases

  • Monitor software and third-party integrations to gain deeper insight into how your web applications are connected to third-party assets.

  • Reduce complexity by eliminating the use of multiple versions and ensuring that patching schedules are adequately maintained.

  • Discover shadow IT services that have not been properly vetted.

  • Identify out-of-date software and versions that contain publicly disclosed vulnerabilities.

Detection

Technology is detected in many ways while crawling the website such as through fingerprinting scripts, headers, and cookies. We classify technology into 4 types, each with their own sub-categories:

Platforms

Platforms are 3rd party infrastructure and applications such as CDNs, ticketing/support applications, and content management systems.

  • Hosting: Hosting services for websites, ticketing systems, etc.

  • CDN: Content delivery networks such as Cloudflare and Akamai.

  • DNS: Third-party DNS services like AWS Route53.

  • Email: Email providers and services.

  • Authentication: Authentication services like Google Sign In and Auth0.

  • Other: Other types of platforms.

Firewall

Firewall services that were identified on your network.

  • Web: HTTP servers and proxies.

  • DNS: DNS services like resolvers and caching servers.

  • Database: Database systems like MySQL.

  • Mail: Mail services like SMTP, POP3, and IMAP.

  • Access: Services used to access network resources like VPNs and SSH.

  • Other: Other network services.

JavaScript

Scripts that are being used by the site, including analytics/tracking products, ecommerce platforms, and others.

  • Framework: Web frameworks, components, and libraries.

  • Analytics: Scripts that are used for analytics and metrics.

  • Widget: 3rd party integrations that typically have a graphical component on the site.

  • Social: Social media integrations like Facebook, Twitter, and Pinterest.

  • Platform: Platform integrations for marketing, e-commerce, and others.

  • Other: Other JavaScript integrations.

Software

Frameworks represent the technology or programming language used to build the web application.

  • CMS: Content Management Systems like blogs and educational platforms.

  • Framework: Development frameworks used to build the web application.

  • Module: Plugins, modules, and add-ons for software.

  • Language: The development language of the website.

  • Other: Other types of software

We associate Technology with a number of important facets:

  • Type represents the classification of the Technology.

  • Category represents the specific function that the Technology performs.

  • Scripts that identified an application.

  • Cookies that identified an application.

  • Firewall ports where an application was identified from its banner or other fingerprinting techniques.

  • Versions that were identified from firewall banners, Javascript assets, or headers.

  • Site IDs represent a unique identifier for the technology instance

Risk

For applications and software exposed on the firewall that have a detected version, risk recommendations are made based on Recommended, Clean, Vulnerable, and Obsolete versions.

  • High ( Red):

    • Assigned when the detected version is less than or equal to the Obsolete version.

  • Medium ( Yellow):

    • Assigned when the detected version is less than the Clean version.

  • Low ( Green):

    • Assigned when the detected version matches the Recommended or Clean version.

  • Recommended: The latest release of the product.

  • Clean: Older versions of the product that are free from any publicly known vulnerabilities.

  • Vulnerable: Older versions of the product that have known vulnerabilities.

  • Obsolete: Obsolete or deprecated versions of products that are no longer maintained or have critical security issues.

Popularity

Technology is assigned a Popularity rating, indicating how common it is on the internet.

In addition to showing the prevalence of a given Technology, the Technology > List view also displays how common a particular version is.

CVE

Halo Security maintains an updated database of Common Vulnerabilities and Exposures (CVE). These are known security threats and vulnerabilities that have been reported to software vendors. In cases where a Technology version is identified, the version is compared to the CVE database to provide you with an accurate listing of known vulnerabilities you are exposed to.

CVE listings will provide links to the security advisories which will contain more information about vulnerable configurations and in most cases, steps to remediate or upgrade the software to a secure version.

Pages

  • Summary: List the technology that was discovered, the number of occurrences, and how they were discovered.

  • List: List technology per target and view the product version and site ID (if applicable) along with risk status.

  • CVE: CVEs related to technology versions that were identified on your attack surface.

Last updated