Mar 30, 2023
7.4.051

New

  • Predictable Resource Location. We updated the Description and Recommendations for Predictable Resource Location where info.php is found.

Improved

  • Selenium ChromeDriver. We upgraded Selenium ChromeDriver to version 111.0.5563.64.
  • HTTP Strict Transport Security. We updated the HTTP Strict Transport Security description and recommendations.
  • Macro iframes. We improved macro iframes support.
  • Configuration options. We added an option to configure the MSAL authority URL.
  • Browser Cache directive. Browser Cache directive (web application performance) now targets API endpoints.
  • Blind NoSQL. We reduced false positives in the Blind NoSQL attack module.
  • HTTP Headers. We reduced the HTTP Headers attack redundancy by deprecating HTTPHeadersCharset001.
  • Command Injection. We renamed OS Commanding to Command Injection. We also improved the attack module by removing duplicates.
  • Parameter Fuzzing. We reduced false positives in the Parameter Fuzzing module.
  • Server Configuration. We updated the list of servers in the Server Configuration attack module.

Fixed

  • We fixed an issue with GraphQL parsing.
  • Interactions with check boxes and radio buttons now work as expected.
  • Token replacement now correctly replaces JSON body values.
  • We fixed an issue that caused a false positive for the XPath Injection attack module.
  • The HTTP Headers vulnerability severity is now correctly set to ‘Informational’.
  • The report generation directory is now set correctly.