AppSpider release announcements for January 2017

Document created by Gary Sabala Employee on Jan 12, 2017Last modified by Gary Sabala Employee on Jan 20, 2017
Version 4Show Document
  • View in full screen mode

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Pro Release 6.14.045: January 20, 2017
  • AppSpider Pro Release 6.14.043: January 11, 2017

 

________________________________________________________________________________ _____

AppSpider Pro 6.14.045 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Resolved UI issue to display traffic (encoded as Unicode) correctly.

• Added support for Login via HTTP header within AppSpider Pro.

• Update Proxy certificate to use SHA-256 algorithm.

• Improve handling of Unicode (UTF-16) responses within the AppSpider scan engine to improve scan quality update.

• Improved the previously released Disable DELETE verb functionality to address additional scope constraints.

• Resolved issue of ProxyServer not working if only TLS 1.1 and TLS 1.2 enabled.

• Fixed issue pertaining to Traffic Viewer not showing traffic body for some responses.

• Resolved issue of UI displaying traffic incorrectly when header encoding is different with body encoding.

• For AppSpider Defend a carriage return after each of the signature generated has been added to minimize WAF import issues.

• Resolved issue impacting CrossDomain policy check functionality. 

• Added the ability to upload the DLL files to the engine machine, but do not attempt to execute them to support cases where the files are used as helper files for other selenium.exe binaries. 

AppSpider Pro 6.14.043 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Improve handling of Unicode (UTF-16) responses within the AppSpider scan engine to improve scan quality.

• Addressed reporting issue related to unwanted characters at the end of a Unicode response.

• Fixed SOAP API configuration to address issue of upgrading on premise scan engine to the latest AppSpider Pro version overwrites scan engine password.

• Updated the AppSpider Swagger API parser to address reported customer issues.

• Improved scanner network performance by fixing a bottle neck in anti-dosing feature.

• Addressed scan engine crash related to the cookie provider premature destruction (before IEhost accepted the release of the cookie provider object).

• Fixed issue of scans not retaining scanconfig.scfg in regenerated reports.

• Removed certain caching-related log messages from normal logging to improve the usability of the normal logging information.

• Fixed a null pointer in AppSpider to mitigate potential engine crashes.

Attachments

    Outcomes