Apr 23, 2024
3.8.238

New

  • New attack. We added support for the new attack modules 'JSON Injection', 'JSON Web Token', and 'Swagger UI XSS'. You can import these new attack modules from engine release 7.5.009.023.
  • REST API. We have added a new ASE REST endpoint to allow System Admin users to retrieve all the targets for all their clients. For example, /rest/v1/Target/GetAllTargets.
  • Scan Config. We updated the Scan Config to include Chromium as a browser option for macro authentication and as the JavaScript engine under the Advanced Options.

Improved

  • Scan Config. We updated the Scan Config to align with the new AppSpider engine release version 7.5.
  • OpenAPI/Swagger. AppSpider Enterprise now supports the upload of OpenAPI/Swagger docs with file types '.yaml' and '.yml'.
  • Password Authentication. We updated the workflows for a forgotten password or a password reset to make them more user-friendly.

Fixed

  • We fixed an issue where target URLs were being incorrectly denied.
  • Vulnerabilities that have been set to IGNORED no longer appear in the scan report after the scan has been regenerated.
  • The selectable values for the ExtractionTokenLocation and InjectionTokenLocation parameters in ScanConfig > Advanced Options > AuthConfig > TokenReplacementList > TokenReplacement now display correctly.