Web applications are the cornerstone of anything on the publicly accessible internet. Due to the complexities of the software development life cycle, developers tend to embed secrets within the source code of their applications. As the codebase grows, developers often fail to redact this sensitive data before deploying to production.
Category: Project Resonance
At RedHunt Labs, under Project Resonance, we frequently conduct internet-wide research in different shapes and formats to understand the state of security across the internet. In this iteration, we conducted a study of the current state of DNS configurations (SPF, DKIM and DMARC records) from a security perspective. We scanned more than 2.2 billion domains, but before we discuss the insights, let’s quickly go over the basics.
Docker is a popular tool that has become synonymous with containers. Docker can build images and run containers. The tool also allows its users to upload their Docker images to Docker Hub – the container image registry from Docker Inc. that helps share images. Docker Hub allows free public repositories for images.
During this research, we found more than 1.6 million unique user accounts on Docker Hub. There are more than 6.3 million public repositories at the time of writing this blog.
Internet-wide research on the security posture of databases exposed on the internet. This blog contains all the specifics and analysis of results.
We analyzed the top 1,000 GitHub organizations. This involved scanning 38,691 GitHub repositories (Ruby, Python, JavaScript, Go, and PHP code).
We analyzed 65 million web servers, resulting in interesting insights. We are also releasing a few datasets from our internet scan results for the community.
This blog post is about misconfigured CNAME records that can cause subdomain takeovers on a massive scale.
Project Resonance is an effort to improve the internet security of publicly exposed assets through the study of the services, applications, and technologies running on these assets, followed by deep analysis and data correlation.