Release notes

2024-02-21: Enhancements to Phishing & Awareness Training, API Scanning, and Unified Vulnerabilities & Assets


French, Portuguese, Spanish, & German added to Phishing & Awareness Training  

We are happy to announce the addition of French, Portuguese, Spanish, and German across the awareness training and in several phishing templates.  

Adding new languages allows you to perform simulations against new audiences out of the box, using the packaged content in the Security Center. The awareness training comes with new videos that will help educate your users. 

Build your human firewall with the help of simulated phishing attacks and automated and tailored awareness training. 

Interested in this product?
Build your own human firewall! Contact your Customer Success Manager or Sales Representative to get started with Phishing & Awareness Training. 

Improved Coverage and Enhancements to API Scanning  

Several new API capabilities are being released to strengthen the API scanner further, including some general stability improvements.  

These capabilities expand the API scanner's horizons, enabling it to uncover more vulnerabilities than ever before. Here's what you can expect: 

  • Web Cache Poisoning Protection 
    Safeguard your applications from sophisticated cache-poisoning attacks that could compromise your users' data. 
  • Enhanced Rate Limiting Audits 
    Prevent attackers from overwhelming your APIs by ensuring rate limits are effectively enforced. 
  • Input-Type Injection Detection 
    Identify and mitigate vulnerabilities arising from unsafe input handling, securing your applications from potential exploits. 
  • Strengthened Authentication Checks 
    Our scanner now goes deeper into API paths to uncover broken authentication mechanisms, fortifying your defenses against unauthorized access. 
  • Param Miner Audit Plugin 
    Discover hidden or unlinked parameters that could be exploited, ensuring comprehensive parameter security. 
  • OpenAPI Security Schematics 
    Leverage our enhanced analysis of OpenAPI specifications to identify security schema-related vulnerabilities, tightening your API security posture. 
  • Path and Subdomain Discovery 
    Uncover unknown internal paths and subdomains, and document undocumented or brute-forceable paths to prevent unseen access points into your systems. 
  • API Parameter Injection Audits 
    Protect your applications from malicious parameter injection attacks, ensuring the integrity and confidentiality of user data.

Interested in this product?
Ensure your APIs are secure! Contact your Customer Success Manager or Sales Representative and we will tell you more. 

Get started with API scanning
If you are curious about these new features for API scanning, you can follow this step-by-step guide to set up a REST API scan:
https://support.holmsecurity.com/knowledge/how-do-i-set-up-a-rest-api-scan

Unified Vulnerabilities & Assets Improvements 

Ignored and disabled vulnerabilities 

Ignored and disabled vulnerabilities are now highlighted in Unified Vulnerabilities. Within the list of Unified Vulnerabilities, each vulnerability that is either disabled or ignored will have a label next to its name, elaborating on its state directly in the overview. Together with filtering, it becomes easy to track and find the vulnerabilities in different states.  

Improved workflows  

The workflow between Unified Assets and Unified Vulnerabilities has been improved, as links allow the user to jump between these two views within the details of an asset or a vulnerability.  

Vulnerability severity is now available 

The severity of the vulnerability has now been added to the details of a Unified Vulnerability, making it possible to see not only the risk and threat but also the severity from the CVSS score. 

Other enhancements

  • Users will now see an indication in the user interface of Security Center whenever the loading times are slower, improving the experience when many objects are loaded. 
  • Comparison reports are now properly calculating the number of severities included in the report.  
  • All IP networks are now properly visible in Asset Manager filtering. 
  • Performance has been improved across several views when many objects are loaded. 
  • Phishing & Awareness Training has received several improvements to the user experience.