New Scan Engine release v7.5 FAQ
FAQs
This page is intended to address any commonly asked questions about the new Scan Engine release.
What action do I need to take?
No action is required, the update is automatically made to our cloud engines and you have instant access to the latest version of the scan engine.
Are the new updates on by default?
No. The new crawling service is off by default but can be enabled using the following steps:
On Scan Config navigate to Custom Options > Advanced Options > ScanConfig and select Chromium from the JavaScriptEngine dropdown.
Is there support available to help with the upgrade and any troubleshooting?
Our initial release focuses on Cloud engines. Our full support team are on hand to deal with any questions, concerns or help required troubleshooting any issues you may encounter during this time.
What new functionality is available with the new engine release?
New Crawler updates
Crawling technology (R7Crawler) is a new option over the existing crawler (ChromeHost).
- ChromeHost is still the default crawler
- Users may configure via the scan config to use the new crawler
- R7Crawler.exe is the new crawler
Features
- By using standard browsers, websites are rendered and crawled in a more realistic manner
- Browser automation (e.g. Selenium) now uses the bundled Chromium browser which removes the dependency to have Chrome installed on the machine
- Ability to record login video for debugging
- Support for Playwright macro format, improving element selection and playback speed
- Improved JavaScript event detection for link discovery and attacking
- Swagger UI discovery and attacking
- New scan config options have been exposed to control extended features
Swagger/OpenAPI upgrade
The swagger parser has been replaced with Microsoft's OpenAPI implementation.
- API Behavior remains consistent
- Existing swagger documents continue to be supported
- Parsing performance has increased up to 10 times faster
- Upgrade allows for handling of larger sized documents up to 4 MB
- Defaults to the new implementation
- Can switch to the old implementation via scan config option: On Scan Config navigate to Custom Options > Advanced Options > WebServiceConfig and enable UseSwaggerV1
Swagger UI Vulnerability detection
New ability to detect Swagger UI vulnerabilities such as XSS.
Stability Improvements
- Updated internal REST API service
- Improved diagnostics both in content and location (file, database, remote server)
- Resolved causes of common crashes
- Upgraded encryption libraries
- Twofish256 -> .NET AES encryption libraries
- .NET Framework 4.7.2 to .NET Framework 4.8.1 upgrade