New security checks
- Added a check for Craft CMS Development Mode enabled
- Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145)
- Added a check for Apple's App-Site Association (AASA) file
- Added new checks for API9:2023 Improper Inventory Management
- Added new checks for API10:2023 Unsafe Consumption of APIs
- Added new checks for API2:2023 Broken Authentication
New features
- Added support for scanning web applications using Smart Card Authentication.
Improvements
- Improved detection of Microsoft SQL Server as a technology
- Improved detection of XSS
- Updated the severity of some vulnerabilities to better reflect their impact
- Improved detection of weak passwords
- Improved detection of Blind XSS
- Improved detection of SQL Injection
- Updated the scanner to never downgrade from HTTPS to HTTP
Resolved issues
- Improvement to launching Chromium on Windows 10 build 14393