AppSpider release announcements for October 2016

Document created by Gary Sabala Employee on Oct 4, 2016Last modified by Gary Sabala Employee on Oct 17, 2016
Version 4Show Document
  • View in full screen mode

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Pro Release 6.14.015: October 4, 2016
  • AppSpider Pro Release 6.14.019: October 11, 2016
  • AppSpider Enterprise Release 3.8.067: October 11, 2016

________________________________________________________________________________ ______________________

AppSpider Pro 6.14.019 Release:

 

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Resolved issue with the AppSpider request builder which impacted the imports of Swagger API documents in certain cases.
  • Resolved issue for certain scenarios where after a completed scan the Overall progress and Attacked progress bar never fully completes in the UI.
  • Resolved issue with the importation of Swagger API documents into the Swagger utility.
  • Resolved issue of AppSpider failing to start a scan that had proxy logs.

 

Accuracy enhancements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Addressed false positive issue in the Server Type Disclosure attack module.
  • Updated the Information Leakage passive module to address IP address false positive issue.
  • Improved the OOB XSS and XSSReverseClickjacking attack modules to increase the findings data to assist in vulnerability validation.

 

AppSpider Enterprise 3.8.067 Release:

 

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Added new Baseline Comparison report which can be found in the Findings menu of AppSpider Enterprise.
  • Resolved a csv data export issue the export of large data sets.
  • Fixed issue with the ASE scan engine update feature that in certain cases impacted the ability to successfully update the scan engine.
  • Updated the ASE installer to taken into account the existing values customers have set in the ntoe.config and web.config files.

________________________________________________________________________________ __

AppSpider Pro 6.14.015 Release:

Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • AppSpider crawler has been update to reduce the crawling of duplicate .js and .css resources to minimize duplicate crawling/attacking.

 

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • AppSpider is now passing parameters to multiple attack modules in the scan config xml.
  • Upgraded the .NET version installed by the AppSpider engine to resolve a engine crash issue that was introduced due to a bug in the previous installed version of .NET.

Attachments

    Outcomes