Sep 15, 2021

New

  • View the CVSS 3.1 score for vulnerabilities. In addition to the InsightAppSec-generated Severity level, you can view the CVSS score for each vulnerability. The two scores provide a holistic view of the vulnerability risk. For more information, see Vulnerability Information.
  • Test scan authentication credentials. Test the login credentials while adding or updating a scan config to catch incorrect credentials and resolve them before running into an issue during a scan. For more information on verifying scan credentials, see Test your login credentials. To utilize this tool, you must have the Rapid7 AppSec Plugin for Chrome.
  • Validate remediation with a validation scan. Run a validation scan to see if the previous scan can find the vulnerability again. If the scan doesn't find it, the vulnerability status changes to Remediated. For more information, see Test vulnerability remediation by re-running a scan.
  • Event logging for InsightAppSec. InsightAppSec now sends audit logs to the Insight Platform to make it easier to investigate audit activity and share it with auditors for compliance. The initial set of logged InsightAppSec events includes Create, Update, Delete, Add, and more for applications, targets, scan configurations, and files. For more information, see Audit Logging.

Improved

  • Simplified authentication configuration. When you create a new application scan and select authentication, the Automated Login option is now displayed by default to promote its capability. We have also improved the secondary navigation with new, more logical groupings that make settings easier to find. For more information, see Configure Scan Authentication.