Mar 08, 2020 - 3.8.218

Bugs Fixed

  • When creating a scheduled scan, the time is now validated against the user's local time.
  • We have added the attack module Server Side Request Forgery and removed the attack module Known Vuln Module.
  • Passwords under the Advanced option tab within the scan config will appear as an encrypted string.
  • We fixed an issue where custom severities defined in the attack policy files in AppSpider Pro were not being obeyed when the attack policy file was imported into AppSpider Enterprise and used within a scan config.
  • We fixed an issue where the "OAuthCustomField" was missing from the scan settings.
  • The X-XSS-Protection header has been added to protect older web browsers.
  • A scheduled scan will fail if the target is no longer allowed. We added an entry to the processing log to describe this behaviour.
  • We fixed an issue where HTTP or HTTPS were added as separate targets.

New Features and Enhancements

  • We have added a new REST endpoint, /rest/v1/Finding/GetAttackName, which allows you to get the attack name for a vulnerability.