Red dots on the attack surface map

The attack surface map gives you a good overview of your assets and how they're are related. You can quickly see where most of your servers and websites are, and easily spot the outliers.Wouldn't it be great if it also showed where your problems are? Starting today, it does!

Any ip or url that is on a blacklist somewhere will turn red. Websites with troublesome certificates will be orange, and bad certificates will be red too. Of cource, there's a similar rating for servers. If a server has a troublesome port open it will be orange. The really bad ones (think pownable or DDOS amplifiers) will be red.

I'm quite happy with the result. You'll have an instant view of where most of your problems are and where you need to start improving your security. The thing that does need some work is the layout for really big (3000+ assets) organisations. It still works, but it's just not as beautiful. The attack surface map is built with D3 and it allows for very specific tweaking of the various forces in the force-layout graph that I use, so it should be solvable. I've put it on my todo list and will come back on this later. For now, have fun with the new fancy attack surface map.