New
- Added ability to manage session tokens. We added the ability to manage session tokens when they are passed as a URL parameter.
- Added attack template and report. We added a new OWASP Top 10 attack template and report for 2021.
Improved
- Improved Automated Login detection. We improved the Automated Login detection of CAPTCHA technologies.
- Improved exceptions and parameters. We improved exception handling and parameter processing with the Microsoft Authentication Library feature.
- Updated ChromeDriver version. The installed version of Selenium ChromeDriver is now 99.0.4844.51.
- Improved Server Side Request Forgery module. We improved the SSRF module to reduce false positives.
Fixed
- Automated Login is no longer prevented from logging into several customer sites.
- An accumulation of cookies is no longer causing requests to be too long.
- Remote bootstrap authenticated scans are no longer timing out upon re-authentication when a logout occurs during the scan.
- An HTTP authentication header is no longer missing when running scans through the Scan Engine with traffic log enabled.
- Scanning REST APIs no longer results in an HSTS false positive.
- Scan timeouts are now reporting the correct statuses via REST.