New
- New attack. We added support for the new attack modules 'JSON Injection', 'JSON Web Token', and 'Swagger UI XSS'. You can import these new attack modules from engine release 7.5.009.023.
- REST API. We have added a new ASE REST endpoint to allow System Admin users to retrieve all the targets for all their clients. For example, /rest/v1/Target/GetAllTargets.
- Scan Config. We updated the Scan Config to include Chromium as a browser option for macro authentication and as the JavaScript engine under the Advanced Options.
Improved
- Scan Config. We updated the Scan Config to align with the new AppSpider engine release version 7.5.
- OpenAPI/Swagger. AppSpider Enterprise now supports the upload of OpenAPI/Swagger docs with file types '.yaml' and '.yml'.
- Password Authentication. We updated the workflows for a forgotten password or a password reset to make them more user-friendly.
Fixed
- We fixed an issue where target URLs were being incorrectly denied.
- Vulnerabilities that have been set to IGNORED no longer appear in the scan report after the scan has been regenerated.
- The selectable values for the ExtractionTokenLocation and InjectionTokenLocation parameters in ScanConfig > Advanced Options > AuthConfig > TokenReplacementList > TokenReplacement now display correctly.