Mar 10, 2025

This engine release includes macro-based HOTP/TOTP authentication and enhancements to the SSL Strength and Swagger UI DOM Based attack modules. It also adds enhanced proxy support capabilities and various R7Crawler and ChromeHost improvements.

7.5.016 (released March 10, 2025)

New Attack features and enhancements

  • SSL Strength Module improvements:
    • TLS 1.2 checks added.
    • TLS 1.0/1.1 severity increased to HIGH.
    • Updated expiration thresholds, descriptions, and remediation content.
  • Swagger UI DOM Based Attacks: detection improvements to reduce false positives.

New Crawling/Scanning features and enhancements

  • R7Crawler now supports macro-based HOTP/TOTP authentication.
  • Improved R7Crawler service recovery:
    • Attempts to recover the crawler will only be triggered if scanning is still being performed.
  • Improved R7Crawler coverage:
    • Sub-requests are allowed by default (unless blocked by a specific rule).
    • Any URLs in blockedNavigation should be added to the list of URLs to be scanned.
  • Improved R7Crawler handling of invalid ALF hooks.
  • Login video files generated by R7Crawler have more meaningful filenames.
  • Improved the scan engine logging during macro authentication.
  • Canary Page Session Detection: Improved the re-login trigger and logging when session loss is detected.
  • Proxy configuration and handling improvements:
    • Added a proxy exclusions list for Manual Proxy Configurations, allowing specified domains (including wildcards) to bypass the proxy.
    • Improved PAC (Proxy Auto-Configuration) support for ChromeHost and R7Crawler.
  • Upgraded Selenium ChromeDriver to version 133.0.6943.126.