New
- Attack modules. We have added a new active attack module, Out of Band SQL Injection (OOB SQLi). You can import the attack modules from engine release 7.4.046.014 to obtain this new attack module.
- Monitoring scans. AppSpider Enterprise no longer supports the ability to configure and/or use AppSpider engines for monitoring scans.
Improved
- Microsoft .NET Framework Redistributable Package has been upgraded to release 4.8. During the installation of AppSpider Enterprise, the .NET Framework 4.8 setup dialog appears if the machine does not have 4.8 already installed. At the end of the install, you are prompted to reboot now or later.
- We have added an option to upload a Selenium file to seed a scan in the Crawling tab of the Scan Config.
- We have removed the length restriction on the password for Simple Authentication.
- We have updated the Scan Config to align with the recent AppSpider engine releases (version 7.4.46 and below).
Fixed
- Simple Form authentication has been renamed Automated Login in the Authentication tab of the Scan Config.
- You can now correctly assign a new AD/LDAP account to a client in AppSpider Enterprise.
- You can now delete an AD/LDAP account in AppSpider Enterprise.
- When you select a custom attack template in the scan config, the attack modules now trigger during the execution of a scan.
- We have added a new single sign out option named
signOutUrl=""to thesamlproviders.configfile so you can provide the logout URL of the IDP. The new parameter is available on a clean install but if it’s an upgrade, you are required to manually add it to the config file.