AppSpider release announcements for June 2016

Document created by Rapid7 Learning Team Employee on May 31, 2016. Last modified by S Tempest on Jun 22, 2016.
Version 6

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 


This Rapid7® AppSpider® 6.12.10 release includes:

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

    • We have expanded the scope of the HTTP Headers module to include links acquired from different sources (including form submission).
    • We have addressed an issue with executing attacks against requests imported from a Swagger document.

This Rapid7® AppSpider® 6.12.009 release includes:

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

    • We have updated the CSRF attack module to no longer attack login pages. This will reduce the number of false positives reported.
    • We have addressed an issue that prevented HTTP authentication settings from being applied to REST requests acquired from Swagger files.
    • We have addressed an issue with executing attacks against requests imported from a Swagger document.

This Rapid7® AppSpider® 6.12.008 release includes:

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We have improved the speed of the Brute Force Form attack module. This update will increase scan speed and eliminate a large number of error messages from the user log.
  • We have improved the detection quality of the CSRF attack module.
  • We have updated the log messages for Swagger-related error reporting.

Application enhancements | product

Improvements to how the application functions and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • We have addressed an issue that caused post-scan failure while AppSpider generated a report.
  • We have improved browser-based, simple form authentication for instances when the submit control for a login is not identified as an image or a button.

 


This Rapid7® AppSpider® 6.12.007 release includes:

 

Application enhancements | product

Improvements to how the application functions and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • We have resolved an issue with the passive analysis module that caused scan failure.

 

 

 

 
