Release notes 2023-01-10

Improved Web Application Scan Engine

We are excited to announce the limited availability (beta) of our new web application scan engine.

This new version of the web application scan engine includes major improvements related to performance and vulnerability detection accuracy, as well as a technology upgrade that enables us to expand our scanning and coverage capabilities in the future.

In terms of performance, the new version detects approximately 35-90% more vulnerabilities than the previous version. The improved crawling discovery capabilities result in 50-80% more URL links being discovered, which is directly related to how many vulnerabilities can be found.

The new version is available for external scans only, and can be used for both JavaScript-enabled and non-JavaScript-enabled scans. It remains in beta until we consider it stable enough for production usage.

You can try out the new version by enabling it inside the web application scan profile.

OWASP 2021 Top 10 Support

OWASP is an important security framework that defines guidance on what to focus on within your web application security strategy. Security Center now supports the new OWASP Top 10 version 2021, which includes several changes across the categories from OWASP Top 10 version 2017.

The visualization below shows what changes have been made between OWASP Top 10 version 2017 and 2021:

  • Orange = Changed priority
  • Yellow = Merged with another category
  • Green = New category

[Figure: changes between OWASP Top 10 version 2017 and version 2021]
Source: https://owasp.org/Top10/A00_2021_Introduction/

More Details About Cloud Scans

Cloud scans now expose more information about each scan. It is easier to see how a scan was executed, what scan profile was used, and which schedule triggered the scan, if available.

This information is available from the overview of all scans and within a selected scan result.

Expanded Coverage for Scanning Amazon Web Services (AWS)

We have expanded our Cloud scanning coverage for Amazon Web Services (AWS), where we now support a major part of the services in AWS. With this release, we bring up the total number of services supported within AWS to 88, and a total of over 500 different risks we are scanning for.

What cloud services are supported? 

Export Recipients from Phishing & Awareness Training

Recipients overview contains statistics and data on all your recipient users within Phishing & Awareness Training. From this view, you can easily track the users with the highest severity risk from your assessments.

With the new export feature, you can export all your recipients into a single file using the comma-separated value (CSV) format. This allows you to correlate the data from recipients in other reporting engines and gather analytics.

How do I export recipients from Phishing & Awareness Training?

Archiving Phishing Templates

Every account can build up a set of phishing templates when using Phishing & Awareness Training. There is now a new feature to easily archive irrelevant templates, allowing every account to maintain its phishing templates over time.

Archived phishing templates are hidden from the list view by default but can be restored at any time by displaying them using the filtering options. Phishing templates that are archived for over 6 months will be permanently deleted.

How do I archive and restore a phishing template?

General Enhancements

  • Improved compatibility across email clients for emails sent by Phishing & Awareness Training.
  • Figures could be incorrect on the subscription overview when assets were bound to an IP range. This has now been fixed.
  • Policy scans now take the scan result outcome into account when displaying the final status on the scans overview.
  • Network assets can now be filtered on the state of the asset within the Asset Manager.
  • Addressed an issue where specific filters on Vulnerability Manager could prevent a report from being generated.
  • The number of new vulnerabilities is now included in the result summary from the Platform API.
  • Several phishing templates have received support for additional languages.