New
- NoSQLi. Added a new attack for NoSQLi - Double Quote (Single ASCII).
Improved
- Bearer auth token. Made improvements to prevent the bearer auth token from being returned in the report.
- GraphQL. Added the ability to scan GraphQL APIs that require Authorization at a query level.
- Advanced Config. We have added the ability to set the MaxCookieHeaderSize within the Advanced Config.
- Structured exception. The Scan Engine was improved to fix a crash that was being caused by a structured exception.
- Search fields. We improved the way the Scan Engine interacts with search fields to reduce false positives returned.
Fixed
- The Swagger parameter training now correctly substitutes the version parameter.
- An issue where setting max404findingspermodule to 0 caused the scan to produce 0 findings has been resolved.
- Resolved one type of long task duration that was caused by scheduling parameter attacks.