New Features
- Pre-request script support
- New Log Data Retention options
New Vulnerability Checks
Updates
- Max items shown per page can now be configured
- Updated Deepscan to process hashes in URLs
- Updated Chromium to v92.0.4512.0
- Updated CSV export to include text only details
- JavaScript Library Audit now supports merged JavaScript files
- Added support for dev tools in standalone LSR
- Multiple UI updates
- Multiple LSR updates
- Target knowledgebase will now be reset when Target settings are changed
- Updated Selenium import to support selectFrame
- Updated OWASP Top 10 report to include CVSS score
- Updated Compliance report to include CWE
- Added option to enable debuglogs for all Targets
- Optimisations to the Java and Node.js AcuSensors
- Improved support for Hapi framework in Node.js AcuSensor
- Add support for find-my-way HTTP router in Node.js AcuSensor
- Improved ionCube Loader-wizard information disclosure check
- Improved cache poisoning DOS checks
- Improved detection of Apache Struts2 Remote Command Execution (S2-052)
- Improved detection of Directory Traversal vulnerabilities
- Added option to skip testing of login form configured for the Target
- Improved handling of Custom 404 pages
Fixes
- Fixed multiple crashes in the scanner
- Fixed issue causing some requests to be done to restricted links
- Addressed multiple Deepscan issues
- Paused scans can now be Aborted
- Fixed XPath Injection false positive
- Fixed Bitrix Open Redirect false positive
- Fixed Spring Boot Actuator false negative
- Fixed issue in .NET Sensor Manager not showing buttons on lower resolutions