Capability architecture
Technology Fingerprinting: context, validation and evidence.
This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.
01Why it matters
- Technology context changes which tests matter and which exploit paths are plausible.
- Version banners alone are not enough; teams need evidence and confidence.
- Fingerprinting improves attack-path reasoning and reduces irrelevant testing.
02ThreatCanary approach
- Use service probes, HTTP analysis, headers, TLS, screenshots, signatures and behavioural clues.
- Link technologies to assets, APIs, vulnerabilities, methodologies and tool selection.
- Maintain confidence and evidence for each fingerprint.
03What it validates or reveals
- Technologies, frameworks and versions where observable.
- Targets for specific vulnerability intelligence or methodology.
- Technology clusters suitable for campaign-based validation.
04Evidence and outputs
- A clear explanation of the exposure, affected assets and likely attack path.
- Reproducible evidence suitable for analysts, developers and risk owners.
- Prioritisation based on exploitability, business impact, sensitive data and chainability.
- Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.
