AppSpider release announcements for June 2017

Document created by Gary Sabala (Employee) on Jun 9, 2017. Last modified by Gary Sabala (Employee) on Jun 26, 2017.
Version 4

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Pro Release 6.14.070: June 26, 2017
  • AppSpider Pro Release 6.14.068: June 21, 2017
  • AppSpider Pro Release 6.14.066: June 8, 2017

________________________________________________________________________________

AppSpider Pro 6.14.070 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Improved scan coverage by updating form population to use two data sets.
  • Added new BSQL attacks against date format values.
  • Added support for Brotli decompression.
  • Updated the title of the "Credentials sent with GET method" finding to be more descriptive of what was detected.
  • Improved the reliability of login macro playback.
  • Resolved an issue where Selenium script replay discarded the X-XSRF-Token header.
  • Resolved an issue where Selenium execution dropped HTTP headers.

AppSpider Pro 6.14.068 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Resolved issues that caused detection problems for WAVSEP/XSS use cases.
  • Updated AppSpider's support for Azure Active Directory authentication flows.
  • Resolved an issue where the Content-Type header was missing from the Swagger POST request.
  • Fixed XSS attack module false positives.
  • Resolved an issue where AppSpider overwrote HTTP headers during login playback.

AppSpider Pro 6.14.066 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

 

  • Resolved a customer-reported SQL false positive issue.
  • Fixed an issue with the AppSpider uninstaller not being digitally signed.
  • Added support within AppSpider for Azure Active Directory authentication flows.
  • Resolved an issue where the Delayed SQL Execution (MySQL) attack impacted scan execution speeds.
  • Fixed an out-of-memory condition that sometimes prevented completion of report generation.
  • Changed the wording of long-running task warnings to be less alarming to end users.
  • The scan engine now compacts the database file to maximize data density.
  • Resolved an issue where the Engine REST API endpoint returned an unexpected error when the engine was updated.
  • Resolved an exception in the ADAL login during the Brute Force attack.
  • Updated reports to include the full URL for the ASP.NET misconfiguration finding.
  • Fixed an intermittent crash condition during persistent reflection analysis.
  • Fixed an XSS false positive caused by failures during verification in the browser.
  • Updated the reference to the Chrome Validate plugin in the AppSpider reports.
  • Resolved a problem where the engine did not append session cookies to the request for a Swagger file.
  • Added Azure-AD .dll assemblies to installer to support Azure Active Directory authentication flows.
