Release notes

Release Notes 2023-09-06

Scan for web vulnerabilities behind multi-step logins

We are excited to announce a powerful new feature that allows you to find vulnerabilities in web and API applications behind a multi-step authentication login sequence.

The web and API application scanner has received a new tool: a browser extension for Google Chrome named Holm Security – Web Recorder.

With the Web Recorder browser extension, you can record login sequences that require multiple steps or actions before the user is authenticated to the application. The sequence is saved in a file that contains all recorded actions. Uploading the recording for the related asset allows the vulnerability scanner to use the recorded login sequence to perform the authentication.

This new feature is available for scanning from our external/cloud scanners and, later, using a Scanner Appliance.

This enables everyone to identify vulnerabilities in applications that sit behind authentication such as:

  • Single sign-on using a third-party provider such as Microsoft.
  • Multiple steps to enter a username and password.

For local scans, Scanner Appliance revision 49+ is required to use this new capability.
The new multi-step login will become available to customers over the next couple of days as we roll this out for general availability to all customers.  

Read more:

How do I scan a web application behind login? 
How do I install Web Recorder in Google Chrome?
How do I record a login sequence using the Web Recorder plugin?

Updated terms for System & Network Scanning 

Until now, an asset has required a license if it responded to any of the detection methods from the scan profile (ICMP, TCP SYN, etc.). This method has not always been accurate. Starting today, we have improved the way we calculate the number of licenses needed for your assets.

For an asset to require a license, the following criteria must be met:

  1. One or more TCP or UDP ports are open with an active service responding.
  2. The asset is active. 

With this update, we adjust the default settings for lifecycle asset management:  

  • The minimum threshold to monitor inactivity has been changed to 60 days.  
  • Assets marked as Inactive will not require a license. 
  • Assets marked as Inactive will have their vulnerabilities closed (same as from a scan). 
  • Inactive Assets will require a re-scan to become active again.  

Read the updated terms and conditions:

Licensing policy

Improved recipient statistics in Phishing & Awareness Training  

We have added more detailed statistics about user behavior that display the exact actions taken by the user in assessments and awareness training. This allows for more granular tracking of individual user actions and of how the severity, also available in the unified views, relates to user behavior.

The recipient's view has also received new widgets to visualize the overall status across recipients to help highlight different dimensions of the recipients.  

Threat score visualization for unified vulnerabilities  

The new unified Vulnerabilities have received a new widget that visualizes the overall threat score across all your vulnerabilities, how it has changed over time, and the trend. This new visualization helps you understand the state of your vulnerabilities and how the threat level changes based on all your vulnerabilities.  

Read more:

How does threat score work?

Other enhancements:

  • Disconnected device assets will now have their vulnerabilities moved to the fixed state automatically. 
  • Phishing & Awareness Training emails are now properly sent when no action was taken on the training emails.  
  • All emails sent from Security Center now include the account name, to make the information easier to understand if you have multiple accounts.
  • Exports to CSV have received enhancements to the formatting for improved compatibility when parsing from a broader range of clients.  

Future enhancements 

In late September we will make changes to the Platform API, which could have an impact on your integration with the API. We encourage everyone who is utilizing the API to review their implementation, to make sure it will be compliant with these changes.  

The changes are being introduced to guarantee the performance and quality of our API. They include the following:

  • Strict usage will be enforced: clients of the API will need to properly implement pagination, e.g., using the next and previous parameters in the response of the API to iterate through the result.
  • Strict usage will be enforced: clients of the API will need to properly implement limits of the requested endpoint, e.g., using the limit and offset parameters in the request.

If you have any questions, feel free to contact support@holmsecurity.com.