New Features and Improvements - November 2022

As always and in the lead up to the festive period, the team have been working hard adding new features to FractalScan Surface. It’s been great for us to engage with our growing user base and understand their needs and how different people interact with the application. This allows us to really focus our engineering time in the most effective way and make sure we’re continuing to improve FractalScan Surface.

A lot of the engineering effort this month has been focussed on updates and efficiencies for how FractalScan Surface gathers and processes data, so improvements you won’t directly see in the application but will be improving your experience.

On top of these core system improvements, we have also made several changes in the FractalScan Surface application to help users interact with the scan data. I’d like to highlight two key pages we’ve updated:

• Web Presence: Where FractalScan Surface shows web page results and images
• Changes: Where FractalScan Surface shows updates to scans over time

In both cases we’ve added more advanced searching and filtering to make it easier for users to either look for certain sets of data or search for specific results.

Web presence

The web presence page presents you with images of domains available publicly on the internet, and for this reason can be one of the best ways to literally see your attack surface.

Using web presence, you can easily identify sites you may not be intending to share publicly or that are presenting bad content to your customers (e.g. domain takeovers), as well as being able to see any security risks FractalScan Surface has identified.

We wanted to build on this capability by making it much easier to explore. You can now filter the web pages in a few different ways including:

• Searching for text in the URL or Page Title
• Filtering on the status code returned by the web page
• Filtering on the content type returned by the web page
• Filtering on the encryption (HTTPS) state of the web page - more on this below
• Showing only your seed domains (the main domains for the scan)

We have also changed the labels we display for pages to show their encryption states:

• HTTPS: An encrypted page with no risks
• HTTPS Risk: An encrypted page with a risk, such as an invalid certificate
• HTTP Risk: An unencrypted web page

For web pages with encryption risks, these can now be explored by clicking on this badge, where the risk and other related components can be further explored. For example, in the case of the invalid certificate you could see if any other domains are using that certificate.

For new scans we will also now extract the page title, this is the title displayed in the browser tab when someone navigates to this page, and the icon (or favicon) also shown to someone navigating the site. This can both help you search the web pages and see what a visitor to those pages will be presented with.

Changes

Our updates to the Changes page are similar, and again we wanted to really expand on the power of this page, and its ability to dig into how a scan’s results change over time. You can now search and filter on the values shown in this page. We also wanted to make this page a little easier to use generally.

When you now navigate to Changes it will default to showing you any changes for the latest scan iteration. Alternatively, you can select an Iteration in the past to see any changes FractalScan Surface found during that iteration.

If you’d prefer to see all the changes between two dates, then you can instead choose to filter over a date range.

As part of the update we’ve renamed Target to Change, so you now have a Change indicating what changed, and the Source, for where the change occurred. In the example below, three new IP addresses are associated with the domain: autodiscover.fractalscan.com.

Finally, much like the update to the Web Presence page, you can now search and filter on:

• Text in the names of the Change or Source
• The type of the change, e.g. Risk
• The type of the source, e.g. Domain
• If the change was New or Removed

Filtering persistence

For both the Web Presence and Changes updates, any search or filtering you apply is now persisted in the URL. This means you can bookmark or share any filtering you have applied, and use it again for the same scan.

Coming soon

Despite the impending festive season, we are still pushing forward with more updates to FractalScan Surface and you can expect to see more blog posts on these soon. In the meantime some of the functionality you can look forward to includes:

• Increased ability to ignore risks associated with your scan, including removing their impact on the overall results
• Updates to how you create scans of different types; continuous or ad hoc
• More control over notifications you receive from FractalScan Surface, including a new notification when there are changes in your scan results.
• An increased ability to search and filter on data across your scan.

About Tim Cowell

Tim is an experienced software engineer, who has worked across the Defence, Government and Commercial sectors for the past 21 years. After leading a diverse range of projects Tim has a strong background in Cyber Security, software engineering, research and development practices.