AppSpider release announcements for September 2016

Document created by Gary Sabala (Employee) on Sep 8, 2016. Last modified by Gary Sabala (Employee) on Sep 29, 2016.
Version 8

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Release 6.14.014: September 29, 2016
  • AppSpider Release 6.14.012: September 15, 2016
  • AppSpider Release 6.14.010: September 8, 2016

 

__________________________________________________________

AppSpider Pro 6.14.014 Release:

Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Updated the passive attacks notifications to remove bottlenecks and speed up the scanner.

 

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Resolved an issue so that AppSpider now expires cookies according to the expiration date set by the Max-Age attribute.
  • Resolved an issue where using the regenerate report function from the Main tab after a scan had completed successfully threw an error stating that a scan was still running.
  • A problem with request cookie lines being too long has been resolved.
  • The AppSpider installer now deploys a new Visual Studio 2013 Runtime redistributable package to improve installation stability on Windows 8 clients.
  • Updated the PingSpiderCom SOAP API method to include the COM error for enhanced debugging support.
  • Updated the CORS module to address a typo in the module description and module analysis.

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Updated the Privilege Escalation module to use HTTP credentials during the attack (when provided).
  • Resolved a false negative in which a JavaScript Redirect vulnerability was missed.

__________________________________________________________

AppSpider Pro 6.14.012 Release:

Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Improved crawling of ReactJS-enabled Single Page Applications by updating support to the latest React JS version.

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The VulnerabilitiesSummary files now contain session strength finding details in an additional format.

_____________________________________________________

AppSpider Pro 6.14.010 Release:

Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Added a new attack configuration option, MaxVulnLimitPerAttack, which limits the number of discovered vulnerabilities per attack.

 

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Addressed a bug related to the integration of Defend into AppSpider Pro which, in certain cases, could cause the UI to become unresponsive.
  • Resolved an issue with traffic recording files dropping traffic requests when saved in Paros (txt) format.
  • Updated the HTTP Headers error string to report readable charsets.
  • Addressed an issue with the Request Builder Host field having errors in recognizing port numbers and protocols.
  • An issue was resolved with empty passwords that resulted in traffic logs containing large numbers of spurious asterisks.
  • Passwords are now properly obscured in the traffic log when login macros are used.
  • The Traffic Recorder has been enabled to load documents of the type application/json.
  • Updated the Defend integration to get scan result findings from the Allfindings JSON.
  • Resolved a UI user experience issue that occurred when binary content is detected.
  • Fixed a problem that caused Login Macro playback to fail, reproducible as a blank embedded browser screen.

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • The Server Side Inclusion module has been improved to exclude certain likely false positive responses.
  • Updated the CORS attack module to reduce false positive issues reported by customers.