Added classifications to the HSTS Not Enabled vulnerability
Excluded unpopular JavaScript Library Out of Date checks from the default policy to improve performance
Improved CSP security checks by analyzing empty responses, as CSP can be declared in headers instead of meta tags
Generalized the RegEx Pattern of the trace.axd detected vulnerability to match all languages
Improved JSON format detection
Replaced Unicode replacement characters with question marks in responses
Added a Scan Policy option to attack cookies
Improved element click DOM simulation for various element types
SRI Not Implemented will no longer be reported for localhost URLs
Improved ASP.NET error message detection
Added descriptions to PCI categories in the PCI Compliance Report
Improved Boolean SQL Injection detection
Improved the Blind Command Injection attack patterns
Improved the representation of Report Template compilation errors
Misconfigured X-Frame-Options Header is now reported separately
Improved Source Code Disclosure checks to prevent the reporting of JavaScript template pages
Status Code, Status Description and Content Length information have been added to the Slowest Pages node in the Knowledge Base
Improved WADL document parsing by ignoring DTDs
Improved Open Redirect DOM based confirmation performance
Long identified source code is shortened in Possible Source Code Disclosure vulnerabilities
Cookie vulnerabilities now report where the cookie is set from
Improved Swagger Document Format detection
The file upload engine now detects new links in the response after the file is uploaded
BUG FIXES
Fixed the issue where Authentication did not work when retesting
Fixed the issue where the Swagger importer generated an invalid JSON request body
Fixed the ArgumentException thrown while performing Heartbleed security checks
Fixed the issue where the wrong version was identified for Drupal
Fixed a disallowed HTTP method issue where some methods were still being allowed
Fixed a typo in the CSP Not Implemented vulnerability details
Fixed a Form Authentication issue that occurred on some React-based websites
Fixed signature detection for links found via the crawler
Fixed an issue in the CSP engine where it reported an incorrect vulnerability
Fixed a URL encoding issue in DOM simulation that was causing some vulnerabilities to be missed
Fixed the issue where the text parser incorrectly parsed extensions in the onclick event
Fixed duplicate parsing source field values reported for IFrame vulnerabilities
Fixed an issue where Apache MultiViews could not be detected in the target server
Fixed the incorrect Cookie Expire Date set during Form Authentication
Fixed the incorrect Source Code Disclosure report caused by SSTI attacks
Fixed a Content-Type parsing issue in Form Authentication
Fixed the issue where cookies received via Form Authentication were not being analyzed for vulnerabilities
Fixed the incorrect Source Code Disclosure reported when an XSS via RFI vulnerability was found
Fixed a bug in cookie handling code during Form Authentication
Fixed the incorrect severity reported for the Cookie not Marked as Secure vulnerability on some scans
Fixed an ArgumentOutOfRangeException thrown on some long scans