Pentera launched Credential Exposure on the Pentera platform, a module for testing stolen and compromised credentials against the complete enterprise attack surface. Pentera is the market leader in Automated Security Validation, enabling any organization to test the integrity of all cybersecurity layers with ease, revealing true, current security exposures at any time and scale. Pentera is used by thousands of security professionals and service providers worldwide to guide remediation and close security gaps before they are exploited.
Credential leaks and theft pose a significant risk to organizations worldwide. According to the 2022 Data Breach Investigations Report (DBIR), over 80% of Web Application breaches involve compromised credentials. Every year, billions of credentials are discovered on the dark web, paste sites, and in data dumps shared by cyber criminals. These credentials are frequently used in account takeover attacks, exposing organizations to breaches, ransomware, and data theft.
Ran Tamir, Chief Product Officer at Pentera, stated, “We see a dramatic increase in identity-related threats, specifically in the number of leaked credentials available to attackers. These, alongside credential stuffing techniques, allow attackers to gain access to valid accounts, resulting in a breach”.
The Pentera platform exploits both internal and external attack surfaces by combining real-world leaked credential data with its active validation engine. It employs hashed or clear text credentials in millions of attack vectors and provides near real-time credential exposure mitigation steps such as password reset or hardening users’ MFA policies and limiting privileges at risk.
“By integrating leaked credentials threat intelligence into Pentera, we offer our customers a unique solution of actionable threat intelligence based on credentials that are already available online. This enables continuous validation of account exposure and a remediation plan before the accounts are compromised”, said Ran Tamir.