This is a major release with several new features and improvements. Enjoy!
New features: web application scanning
Discovery scan & sitemap explorer
The new sitemap explorer for web apps shows a tree of all the URLs found by the discovery and normal scans. It is visible in scan results (discovery scans only) and on scanned assets (under the sitemap section of the asset).
A discovery scan returns the sitemap in the scan result and is meant as an initial scan that gives you insight into which URLs to include or exclude and which URLs will be affected by the scan.
You can start a discovery scan by pressing "Add Scan" for a web app.
REST API support
REST API support has been added to web app scanning and can be enabled on the web application asset, under the menu "Scan settings".
REST API scanning is enabled by providing a path to an OpenAPI specification of the REST API (e.g. a .swagger or .openapi) on the same domain as the web app. When the specification is provided, the web app scan uses the information it finds there and includes the complete REST API in the scan.
Discovery scanning can be used to validate which URLs are found in a REST API.
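A pre-flight review of the setup described above, as an added example that is not the scanner's own code: given a parsed OpenAPI 3 document and the web app URL, it lists the operations on the web app's host and separates out state-changing methods and off-domain servers for include/exclude decisions. The function name, sample specification and hostnames are constructed for illustration, and "same domain" is assumed to mean an identical hostname.

```python
from urllib.parse import urljoin, urlsplit

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")
STATE_CHANGING = {"put", "post", "delete", "patch"}

# Constructed sample specification (OpenAPI 3 structure), not taken from a real API.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "servers": [
        {"url": "https://app.example.test/api/v1"},
        {"url": "https://billing.example.test/v1"},
    ],
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{id}": {"get": {}, "delete": {}, "parameters": []},
        "/health": {"get": {}},
    },
}

def review_scope(spec, webapp_url):
    """Return (in_scope, state_changing, off_domain) for a parsed OpenAPI 3 document."""
    app_host = urlsplit(webapp_url).hostname
    in_scope, state_changing, off_domain = [], [], []
    # Without "servers", OpenAPI 3 defaults to "/", i.e. the host serving the spec.
    for server in spec.get("servers") or [{"url": "/"}]:
        base = urljoin(webapp_url, server["url"])
        if urlsplit(base).hostname != app_host:  # assumption: same domain == same hostname
            off_domain.append(base)
            continue
        for path, item in spec.get("paths", {}).items():
            for method in HTTP_METHODS:
                if method in item:  # skips non-method keys such as "parameters"
                    entry = (method.upper(), base.rstrip("/") + path)
                    in_scope.append(entry)
                    if method in STATE_CHANGING:
                        state_changing.append(entry)
    return in_scope, state_changing, off_domain

if __name__ == "__main__":
    in_scope, changing, off = review_scope(SAMPLE_SPEC, "https://app.example.test/")
    for method, url in in_scope:
        print(("REVIEW " if (method, url) in changing else "       ") + method, url)
    for base in off:
        print("OFF-DOMAIN server, not on the web app's host:", base)
```

Comparing this list with the sitemap from a discovery scan shows whether the specification and the discovered URLs agree before a normal scan is started.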
Request & payload data
It is now easier to work out how to reproduce a specific vulnerability for a web app.
Both the request URI and the payload data that were used to identify the vulnerability are now available in both the scan results and the reports.
Scanning progress
Every scan now has a progress bar with an estimate of when the scan will complete. Hovering over the progress bar also gives you some additional information about the progress and the ETA of the scan.
Improvements
General
- Our web application scanning engine has seen several improvements and optimizations which have led to 10-30% faster scanning times.
- Graphs inside of the reports have received updates to provide more information.
- Adding tags has been improved for quicker access.
- The performance of report generation has been improved.
- The On-Premise scanning nodes in the Virtual Appliances have received several enhancements that should make them more stable and easier to troubleshoot.