AppSpider release announcements for February 2017

Document created by Gary Sabala (Employee) on Feb 7, 2017. Last modified by Gary Sabala (Employee) on Feb 23, 2017.
Version 4

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Enterprise Release 3.8.122: February 23, 2017
  • AppSpider Pro Release 6.14.050: February 21, 2017
  • AppSpider Pro Release 6.14.047: February 7, 2017

 

_____________________________________________________________________________________

AppSpider Enterprise 3.8.122 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Enabled Bootstrap authentication capabilities utilizing the AppSpider Chrome plug-in.
  • Enabled Macro recording feature utilizing the AppSpider Chrome plug-in.
  • Fixed Checkmarx report upload error.
  • Fixed Baseline Comparison Report.
  • Fixed installer issue with localization files.

 

AppSpider Pro 6.14.050 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Added new XSS attack against Struts framework. 

• Fixed Persistent XSS False Positive. 

• Fixed Hard-coded passwords False Positive.

• Added "HTTPS Everywhere" attack module.

• Fixed a crash condition during one-time-token detection routine.

• Fixed a hang in JSON parser.

• Updated HSTS verification to verify includeSubDomains directive and test headers on redirect responses.

• Performance improvements - removed duplicated attacks sent by crawl result attack point modules.

• Improved JSON parsing in OAuth response.

• Updated CORS attack module to not run 'HTTPS downgrade' attack against HTTPS sites.

AppSpider Pro 6.14.047 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

• Updated attack modules to send the custom auth HTTP header during attacks.

• Fixed Swagger default values parsing issue when a default values file is loaded into the Swagger utility.

• Resolved an issue where some informational vulnerabilities were not found after an AppSpider scan.

• Updated the logs to provide additional information on Swagger parsing errors.

• Addressed an issue where the UI did not report that a Selenium script had executed.

• Updated the HTTPS Downgrade attack module to improve detection capabilities.

• Added a new attack module which checks for Content Security Policy (CSP).
