AppSpider release announcements for November 2016

Document created by Gary Sabala (Employee) on Nov 14, 2016. Last modified by Gary Sabala (Employee) on Dec 1, 2016.
Version 6

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Enterprise Release 3.8.081: November 29, 2016
  • AppSpider Pro Release 6.14.022: November 23, 2016
  • AppSpider Enterprise Release 3.8.079: November 23, 2016
  • AppSpider Pro Release 6.14.021: November 11, 2016
  • AppSpider Enterprise Release 3.8.072: November 11, 2016

 

_____________________________________________________________________________________

 

AppSpider Enterprise 3.8.081 Release:

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Fixed report generation issue introduced in the 3.8.079 release.

 

AppSpider Pro 6.14.022 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Fixed an issue with Macro authentication in which, in certain cases, the “multiple browser window” scenario (when login opens a second browser window for the site navigation) caused a failed authentication when a macro was used.

• Resolved scan failure issue during One-Time-Token detection.

• Updated the OAuth login capabilities to include the "resource" parameter in the POST to the authorization server.

• Improved the Expression Language Injection module to address false negative issues.

• Addressed issue with the Macro windows closing prematurely, which interrupted macro execution.

• Updated the CSRF attack module vulnerability description to provide additional user information related to the module's functionality.

• Updated the Logic Abuse attack module to address reported false positive issues. 

• Fixed exception issue in the Defend tool which in certain cases impacted the loading of the vulnerability summary XML.

 

AppSpider Enterprise 3.8.079 Release:

This release contained enhancements for the AppSpider On-demand/Cloud offering, so On-Premise users do not need to upgrade to this release.

 

AppSpider Pro 6.14.021 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Addressed memory consumption / network request failures caused by a cookie identification issue.

• Addressed issue with the request builder showing an error caused by a bad content type header returned by the server.

• Modification made to allow local machine users access to both scan engine objects: NTOScanEngine and ScanEngSvc.

• Addressed reported parsing errors in the Swagger utility for .json files.

• Addressed Selenium execution stability issues which impacted scanning capabilities in certain use cases.

• Resolved issue with Traffic Recorder where HTTPS was not working as expected when using an Upstream Proxy.

• Addressed condition involving sub-cookies that resulted in unacceptably long cookie headers.

 

 

AppSpider Enterprise 3.8.072 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Added ability to apply configuration changes across a large number of scan configurations.

• Addressed issue with report generation for XML and JSON taking too long to complete.

• Fixed issue with Monitoring scans not honoring target restriction.

• Addressed issues causing AppSpider On-demand outages.

• Addressed issue where a client created by a sysadmin with the POC flag did not appear in the client list.
