Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying an at-risk application, wherein identifying the at-risk application further comprises determining that the application is configured incorrectly; identifying at least one port through which the at-risk application is accessible when the at-risk application is determined to be configured incorrectly; and determining, based on the identified at least one port through which the at-risk application is accessible, whether an exposure vulnerability exists, wherein the exposure vulnerability is an unapproved exposure of at least one of the at least one port to external resources.

Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying at least one port through which the application is accessible when the application is not configured correctly, wherein the application is executed at a host device connected to at least one network, the host device having the at least one port; sending, to an external resource, connection data for connecting to the application via the at least one port, wherein the external resource is configured to attempt to connect to the application based on the connection data and to return results of the connection attempt; determining, based on the results of the connection attempt, whether an exposure vulnerability exists; and performing at least one mitigation action when an exposure vulnerability exists.

Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying at least one port through which the application is accessible when the application is not configured correctly, wherein the application is executed at a host device connected to at least one network, the host device having the at least one port; sending, to an external resource, connection data for connecting to the application via the at least one port, wherein the external resource is configured to attempt to connect to the application based on the connection data and to return results of the connection attempt; determining, based on the results of the connection attempt, whether an exposure vulnerability exists; and performing at least one mitigation action when an exposure vulnerability exists.