ShadowTrackr


Website redirect grading change

27 April 2021
The last few weeks saw lots of small improvements and bug fixes. Some are noticeable, like search results paging in the GUI. Others concern edge cases or events that do not apply to everyone, like better detection for Drupal, F5 BigIP and Fortinet.

The most noticeable is probably the grade change on redirected websites. When you fully redirect a website with a 301 or 302, there is no content served. Technically, you can set security headers to prevent things like an XSRF attack. But as there is no content served, you can’t perform an actual XSRF attack. You might be able to do so on the redirect destination, but that is a different website with its own content and its own grade.

One client had a lot of these redirects and they all showed up with a big red F in the reports. While it would be fixable by setting the security headers anyway, this is not what the color red is supposed to mean in ShadowTrackr. Red is a problem, and means that you need to fix it as soon as possible. Red is dangerous, unlike orange which is a warning and means that you should fix it when you have the time.

So, security headers related to content on fully redirected websites are no longer counted in your website grades.
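
The rule described above, written as an added Python example that is not ShadowTrackr's own grading code. Which headers count as content-related, the treatment of HSTS as still applying to a redirect, and all function names are assumptions.

```python
# Added example, not ShadowTrackr code. The header sets below are assumptions.

# Headers that only matter when a browser renders a document (assumed set).
CONTENT_HEADERS = {
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
}
# Headers that protect the connection and are honored on redirect responses too.
TRANSPORT_HEADERS = {"strict-transport-security"}


def is_full_redirect(status, headers):
    """True for a 301/302 that actually points somewhere else.

    A 301/302 without a Location header is not followed by browsers, so any
    body it carries could be rendered and it is graded like a normal page.
    """
    names = {name.lower() for name in headers}
    return status in (301, 302) and "location" in names


def missing_headers_that_count(status, headers):
    """Return the sorted missing security headers that should affect the grade."""
    present = {name.lower() for name in headers}  # header names are case-insensitive
    required = set(TRANSPORT_HEADERS)
    if not is_full_redirect(status, headers):
        required |= CONTENT_HEADERS
    return sorted(required - present)


# Constructed sample responses: (status code, response headers).
SAMPLES = {
    "bare redirect": (301, {"Location": "https://www.example.com/"}),
    "redirect with HSTS": (302, {"location": "https://www.example.com/",
                                 "Strict-Transport-Security": "max-age=31536000"}),
    "301 without Location": (301, {"Content-Type": "text/html"}),
    "page without headers": (200, {"Content-Type": "text/html"}),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(f"{name}: {missing_headers_that_count(status, headers)}")
```

With this split, a redirect-only host is flagged only for a missing transport header, while the destination site is still checked for the full set.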

System tags and NOREPORT

19 April 2021
Tags are a growing thing and are getting some serious development attention. Right now you can add multiple tags to assets, and these can be used to create custom graphs. We intend to expand tags so you can use them to customize how ShadowTrackr behaves. Needs differ. One client is happy to see all websites with a 404 or 503 response in the reports, another does not want them in the reports.

The latest addition is system tags, and this week we start with the first one: “NOREPORT”. If you tag an asset as NOREPORT, ShadowTrackr will still monitor the asset and even send alerts if you have configured them, but the asset will not appear in any reports. Not even in the weekly PDF. System tags are blue and all caps. You can still add your own tags of course, and these will appear in purple. In the coming weeks you’ll see more system tags appearing, and in due time we also intend to support custom reports based on tags.

Stability improvements

22 March 2021
A lot of work has been done over the last few weeks, but you might not have noticed. Most of the time has been spent reducing complexity, which is always a good thing. Quite a bit of code was shared between the GUI, the public website and the API. Also, test code was running from a different directory instead of from a different URL, making it necessary to have some nasty config checks in the main code.

That has all changed now. The source code has been refactored and all parts now have proper separation. On top of that, ShadowTrackr now uses a Continuous Integration pipeline: on every code check-in we run automated sanity checks and tests.