Security insights, guides, and analysis covering attack surface management, vulnerability scanning, and infrastructure security.https://surfaceloop.com/https://surfaceloop.com/blog/what-is-a-cve/https://surfaceloop.com/blog/what-is-a-cve/CVE identifiers explained for IT and security teams. Learn how CVEs are assigned, how CVSS scoring works, and how to use the NVD to assess risk.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/vulnerability-scanning-external-assets/https://surfaceloop.com/blog/vulnerability-scanning-external-assets/A practical guide to scanning internet-facing assets for CVEs. Covers tools, techniques, and how to interpret and act on scan results.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/critical-cves-internet-facing-services/https://surfaceloop.com/blog/critical-cves-internet-facing-services/Recent high-impact CVEs in VPN gateways, web servers, and network devices. Learn which vulnerabilities attackers are actively exploiting.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/most-dangerous-open-ports/https://surfaceloop.com/blog/most-dangerous-open-ports/Which open ports pose the greatest security risk. Covers SSH, RDP, databases, SMB, and other commonly exploited services with attack scenarios.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/how-to-audit-open-ports/https://surfaceloop.com/blog/how-to-audit-open-ports/A practical guide to discovering and auditing open ports across your internet-facing infrastructure using Nmap, Masscan, and EASM tools.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/securing-remote-access-ports/https://surfaceloop.com/blog/securing-remote-access-ports/How to harden remote access services exposed to the internet. Covers SSH key authentication, RDP security, VPN hardening, and zero-trust alternatives.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/preventing-tls-certificate-expiry/https://surfaceloop.com/blog/preventing-tls-certificate-expiry/How to prevent TLS certificate expiry using ACME automation, monitoring, and certificate lifecycle management. Avoid outages before they happen.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/weak-cipher-suites-explained/https://surfaceloop.com/blog/weak-cipher-suites-explained/Which TLS cipher suites are insecure and why. Learn how to identify weak ciphers on your servers and configure modern, secure cipher suites.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/content-security-policy-guide/https://surfaceloop.com/blog/content-security-policy-guide/How to implement Content-Security-Policy from scratch. Covers report-only mode, nonce-based scripts, common directives, and deployment strategies.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/hsts-preloading-guide/https://surfaceloop.com/blog/hsts-preloading-guide/How to deploy HSTS and submit your domain to browser preload lists. Covers max-age, includeSubDomains, the preload directive, and common pitfalls.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/security-headers-checklist/https://surfaceloop.com/blog/security-headers-checklist/An actionable checklist of HTTP security headers every web application should set. Includes recommended values, server configuration, and common mistakes.Thu, 28 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/certificate-transparency-subdomain-discovery/https://surfaceloop.com/blog/certificate-transparency-subdomain-discovery/Certificate transparency logs are a free, passive source for discovering subdomains. Learn how CT logs work and how to use them for attack surface mapping.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/dmarc-enforcement-step-by-step/https://surfaceloop.com/blog/dmarc-enforcement-step-by-step/Most DMARC deployments stall at p=none. This guide walks you from monitoring to full enforcement - the step where your domain actually becomes protected.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/how-attackers-spoof-your-domain/https://surfaceloop.com/blog/how-attackers-spoof-your-domain/Email spoofing lets attackers send messages as your domain. Learn the techniques they use and how SPF, DKIM, and DMARC stop them.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/forgotten-subdomains-shadow-it/https://surfaceloop.com/blog/forgotten-subdomains-shadow-it/Forgotten subdomains and shadow IT expand your attack surface invisibly. Learn why they appear, what risks they create, and how to discover them.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/subdomain-takeover-explained/https://surfaceloop.com/blog/subdomain-takeover-explained/Subdomain takeover lets attackers serve content on your domain. Learn how dangling DNS records create this risk and how to detect and prevent takeovers.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/exposed-admin-panels-breaches/https://surfaceloop.com/blog/exposed-admin-panels-breaches/Admin panels left open to the internet have caused major breaches. See real examples and learn how to prevent your organisation becoming the next case study.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/default-credentials-risk/https://surfaceloop.com/blog/default-credentials-risk/Factory-set usernames and passwords remain one of the easiest ways into an organisation. Why default credentials persist and how to eliminate them.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/spf-dkim-dmarc-complete-guide/https://surfaceloop.com/blog/spf-dkim-dmarc-complete-guide/A step-by-step guide to configuring SPF, DKIM, and DMARC for your domain. Protect against email spoofing with correctly configured email authentication.Tue, 26 May 2026 00:00:00 GMThttps://surfaceloop.com/blog/find-exposed-admin-panels/https://surfaceloop.com/blog/find-exposed-admin-panels/A practical guide to discovering admin panels, management consoles, and login pages exposed on your external attack surface before attackers do.Tue, 26 May 2026 00:00:00 GMT