At Patrowl, we like to say we cover every type of vulnerability on external attack surfaces. These vulnerabilities can be divided into different categories:
#1 : The “known” or “published” vulnerabilities: the CVEs, CNNVD entries, etc. Every day, a large number of CVEs are published, affecting a very large number of devices, libraries and even frameworks. Patrowl is a CERT and continuously monitors the publication of vulnerabilities and exploitation code, and will warn you as accurately as possible whether or not a given CVE impacts your external attack surface (cf Link).
#2 : The specific vulnerabilities. Most of the time, when we talk about vulnerabilities we refer directly to CVEs. But CVEs are only a very tiny fraction of the flaws exploited on an external attack surface. Most flaws are caused by human error in development, deployment, configuration, etc. These vulnerabilities will never have a CVE but are the most dangerous ones. Examples: injections, critical services widely exposed, access control defects, default passwords, etc. (See how Patrowl find
#3 : The 0-days. Sometimes, our automation coupled with our expertise allows us to find 0-day vulnerabilities in specific products, plugins or libraries. In that case, Patrowl handles the communication with the vendor and provides you with precise information to mitigate exploitation until we have a response and a patch available from the vendor (ex: https://patrowl.io/blog-warning-to-a-csrf-the-cve-cve-2023-5982, https://patrowl.io/blog-omnispace-from-automated-xss-to-rce-cve-2023-40228…) (see Is Patrowl finding 0days?)