![Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec](https://blog.rapid7.com/content/images/2022/08/application-discovery.jpg)
Yes, I know what applications we have publicly exposed.
How many times have you said that with confidence? I bet not too many. With the rapid pace of development that engineering teams can work at, it is becoming increasingly difficult to know what apps you have exposed to the internet, adding potential security risks to your organization.
This is where [InsightAppSec's]() new application discovery feature, powered by Rapid7's [Project Sonar](), can help to fill in these gaps.
## What exactly is application discovery?
Using the data supplied by Project Sonar (which was started almost a decade ago and conducts internet-wide surveys across more than 70 different services and protocols), you can enter a domain within InsightAppSec and run a discovery search. You will get back a list of results that are linked to that initial domain, along with some useful metadata.
We have had this feature open as a beta for various customers and received real-world examples of how they used it. Here are two key use cases for this functionality.
### Application ports
After running a discovery scan, one customer noticed that a business-critical web application was found on an open port that it shouldn't have been on. After getting this data, they were able to work with that application team and get it locked down.
### App inventory
Various customers noted that running a discovery scan helped them to get a better sense of their public-facing app inventory. From this, they were able to carry out various tasks, including checking the list against their own list for accountability purposes and having relevant teams review the list before attacking. They did this by exporting the discovery results to a CSV file and reviewing them outside of InsightAppSec.
## How exactly does it work?
Running a discovery search shouldn’t be difficult, so we've made the process as easy as possible. Start by entering a domain that you own, and hit Discover. This will bring back a list of domains, along with their IP, Port, and Last Seen date (based on the last time a Sonar scan has found it).
![Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec](https://blog.rapid7.com/content/images/2022/08/image2-4.png)
![Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec](https://blog.rapid7.com/content/images/2022/08/image3-3.png)
From here, you could add a domain to your allow list and then run a scan against it, using the scan config setup process.
![Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec](https://blog.rapid7.com/content/images/2022/08/image4-3.png)
If you see some domains that you are not sure about, you might decide that you need to know more about the domains before you run a scan. You can do this by exporting the data as a CSV and then running your own internal process on these before taking any next steps.
![Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec](https://blog.rapid7.com/content/images/2022/08/image1-4.png)
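One way to run that internal review on the exported CSV, as an added example that is not Rapid7's code: it compares discovery rows with an internal inventory and flags domains missing from the inventory and ports nobody expected to be public. The column names, sample rows and inventory below are constructed assumptions; adjust them to the actual export.

```python
import csv
import io

# Constructed sample export; the real column names and date format may differ.
SAMPLE_EXPORT = """Domain,IP,Port,Last Seen
www.example.com,203.0.113.10,443,2022-08-01
shop.example.com,203.0.113.11,443,2022-08-02
shop.example.com,203.0.113.11,8080,2022-08-02
legacy.example.com,203.0.113.50,80,2022-07-15
"""

# Hypothetical internal inventory: domain -> ports the owning team expects to be public.
INVENTORY = {
    "www.example.com": {443},
    "shop.example.com": {443},
    "api.example.com": {443},
}


def reconcile(export_text, inventory):
    """Compare discovery rows with the inventory and return three finding lists."""
    unknown_apps, unexpected_ports = [], []
    seen = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        domain = row["Domain"].strip().lower()
        port = int(row["Port"])
        seen.add(domain)
        finding = (domain, row["IP"], port, row["Last Seen"])
        if domain not in inventory:
            unknown_apps.append(finding)       # nobody has claimed this app
        elif port not in inventory[domain]:
            unexpected_ports.append(finding)   # known app, unplanned exposure
    # Inventory entries that discovery did not return: retired, internal-only,
    # or simply not seen by the most recent survey.
    not_discovered = sorted(set(inventory) - seen)
    return unknown_apps, unexpected_ports, not_discovered


if __name__ == "__main__":
    unknown, ports, missing = reconcile(SAMPLE_EXPORT, INVENTORY)
    for label, items in (("Not in inventory", unknown),
                         ("Unexpected port", ports),
                         ("In inventory, not discovered", missing)):
        print(label)
        for item in items:
            print("  ", item)
```

The first two lists map to the two use cases above: unclaimed apps go to the inventory owners for review, and unexpected ports go to the application team to lock down.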
## How do I access application discovery?
Running a discovery scan is currently available to all InsightAppSec Admins, but Admins can grant other users or sets of users access to the feature using the InsightPlatform role-based access control feature.
_**Additional reading:**_
* _[Deploy tCell More Easily With the New AWS AMI Agent]()_
* _[It's the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP]()_
* _[Application Security in 2022: Where Are We Now?]()_
* _[API Security: Best Practices for a Changing Attack Surface]()_