AppSpider release announcements for March 2016

Document created by Kris Kaitanjian on Apr 20, 2016. Last modified by Rapid7 Learning Team on Apr 29, 2016.

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 



This Rapid7® AppSpider® 6.8.023 release includes:

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

      • We have improved the accuracy of the Brute Force (HTTP Authentication) attack module.

 

Application enhancements | product

Improvements to how the application functions and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

      • We have resolved an issue with Session Fixation that was causing systems to crash.
      • We have resolved an issue with the crawler sequence processing that was causing systems to crash.
      • We have updated our proxy server.


This Rapid7® AppSpider® 6.8.022 release includes:

 

Application enhancements | product

Improvements to how the application functions and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

      • We have added capabilities to allow wildcards in the macro.
      • We have resolved a license update issue. System proxy settings during AppSpider updates are now ignored.
      • We have addressed an issue in AppSpider Express. The validate applet is now disabled.
      • The macro replay now supports the execution of custom JavaScript.


This Rapid7® AppSpider® 6.8.021 release includes:

 

Application enhancements | product

Improvements to how the application functions and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

      • We have updated the CSRF attack module.
      • We have updated the HTTP Headers module.
      • We have disabled the assume-disconnected-timeout feature.
      • We have added the AuthConfig.LoggedInHeaderRegex property to allow AppSpider to log in based on an HTTP header regex.
      • We have updated the Attacker COM interface.


This Rapid7® AppSpider® 6.8.020 release includes:

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

      • We have improved the accuracy of the SQL Injection Auth Bypass attack module.

 

Application enhancements | product

Improvements to how the application functions and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

      • AppSpider is now able to handle question/answer prompts within a macro.
      • We have added LoggedInHeaderRegex.
      • The Attack COM interface was updated to support the new CSRF attack module.


This Rapid7® AppSpider® 6.8.019 release includes:

 

Application enhancements | product

      • We have resolved an issue in which multiple threads waiting for communication from IEHost resulted in a slow scan.


This Rapid7® AppSpider® 6.8.018 release includes:

 

Application enhancements | product

      • We have updated the list of attack modules in AppSpider Express.
      • We have resolved an issue in the auto form login component.
      • We have updated the Attacker COM interface.
