AppSpider release announcements for September 2016

Document created by Gary Sabala (Employee) on Sep 8, 2016. Last modified by Gary Sabala (Employee) on Sep 16, 2016.

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Release 6.14.012: September 15, 2016
  • AppSpider Release 6.14.010: September 8, 2016

 

________________________________________________________________________________ __________________________________________

AppSpider Pro 6.14.012 Release:

Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Improved crawling of ReactJS-enabled Single Page Applications by updating support to the latest ReactJS version.

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The VulnerabilitiesSummary files now contain session strength finding details in an additional format.

_____________________________________________________

AppSpider Pro 6.14.010 Release:

Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Added a new attack configuration option, MaxVulnLimitPerAttack. The option limits the number of discovered vulnerabilities per attack.

 

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Addressed a bug related to the integration of Defend into AppSpider Pro which, in certain cases, could cause the UI to become unresponsive.
  • Resolved an issue with traffic recording files dropping traffic requests when saved in Paros (txt) format.
  • Updated the HTTP Headers error string to report readable charsets.
  • Addressed an issue with the Request Builder Host field having errors in recognizing port numbers and protocols.
  • An issue was resolved with empty passwords that resulted in traffic logs containing large numbers of spurious asterisks.
  • Passwords are now properly obscured in the traffic log when login macros are used.
  • The Traffic Recorder has been enabled to load documents of the type application/json.
  • Updated the Defend integration to get scan result findings from the Allfindings JSON.
  • Resolved a UI user experience issue that occurred when binary content is detected.
  • Fixed a problem that caused Login Macro playback to fail, reproducible as a blank embedded browser screen.

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • The Server Side Inclusion module has been improved to exclude certain likely false positive responses.
  • Updated the CORS attack module to reduce false positive issues reported by customers.