Release on March 23, 2023

  • AWS S3 Bucket Takeover - A new test has been added that searches for S3 buckets that no longer exist, to prevent data breaches and malware distribution.
  • Template settings lock - Scan template settings can now be protected from editing, to ensure that scans run with exactly the configuration provided in the template.
  • Role scope changes - Users with the projects:manage role scope are no longer allowed to edit project issues, only to read them. The project-issues:write scope is required to edit issues.
  • Server-side pagination - It is now possible to filter and sort projects by new parameters such as severity, last scan time, unique hosts, etc.
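The condition the S3 bucket takeover test looks for, shown from the defender's side as an added example (this is not Bright's code): audit a DNS zone export for CNAME records that point at an S3 endpoint whose bucket no longer exists. The zone records and S3 responses are constructed, the `fake_fetch` stand-in replaces a real HTTP GET against the endpoint, and the endpoint regex assumes commercial regions of the form `xx-yyyy-N`.

```python
"""Added example (not Bright's code): find CNAMEs in your own zone that point at
an S3 endpoint whose bucket no longer exists. Records, responses and the fetch
function below are constructed stand-ins for a zone export and real HTTP GETs."""
import re
from typing import Callable, Optional

# S3 virtual-hosted and website endpoint shapes this check understands
# (assumption: commercial regions of the form xx-yyyy-N only).
S3_HOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9.-]+?)\.s3(?:-website)?"
    r"(?:[.-](?P<region>[a-z]{2}-[a-z]+-\d))?\.amazonaws\.com$"
)

def parse_s3_target(cname: str) -> Optional[tuple]:
    """Return (bucket, region or None) when cname points at S3, else None."""
    m = S3_HOST_RE.match(cname.rstrip(".").lower())
    if not m:
        return None
    return m.group("bucket"), m.group("region")

def bucket_state(status: int, body: str) -> str:
    """Classify S3's answer: a 404 with NoSuchBucket means nobody owns the name.
    403 AccessDenied or 200 means the bucket exists (private or public)."""
    if status == 404 and "<Code>NoSuchBucket</Code>" in body:
        return "missing"
    return "present"

def find_dangling(records, fetch: Callable[[str], tuple]) -> list:
    """records: (name, type, target) tuples from a zone export.
    Returns (record name, bucket, region) for every CNAME whose S3 bucket is gone."""
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME":
            continue
        parsed = parse_s3_target(target)
        if parsed is None:
            continue
        bucket, region = parsed
        status, body = fetch(target.rstrip("."))
        if bucket_state(status, body) == "missing":
            findings.append((name, bucket, region))
    return findings

# Constructed zone records for a hypothetical example.com.
SAMPLE_RECORDS = [
    ("assets.example.com", "CNAME", "assets-example.s3-website-us-east-1.amazonaws.com."),
    ("docs.example.com", "CNAME", "docs-example.s3.eu-west-1.amazonaws.com"),
    ("www.example.com", "CNAME", "d111111abcdef8.cloudfront.net"),
    ("example.com", "A", "203.0.113.10"),
]

# Constructed responses standing in for what S3 would return for each host.
FAKE_RESPONSES = {
    "assets-example.s3-website-us-east-1.amazonaws.com":
        (404, "<Error><Code>NoSuchBucket</Code><BucketName>assets-example</BucketName></Error>"),
    "docs-example.s3.eu-west-1.amazonaws.com":
        (403, "<Error><Code>AccessDenied</Code></Error>"),
}

def fake_fetch(host: str) -> tuple:
    """Stand-in for an HTTP GET to the endpoint; returns (status, body)."""
    return FAKE_RESPONSES.get(host, (0, ""))

if __name__ == "__main__":
    for name, bucket, region in find_dangling(SAMPLE_RECORDS, fake_fetch):
        print(f"{name} -> bucket '{bucket}' ({region}) does not exist: "
              f"remove the record or recreate the bucket under your account")
```

The fix for any finding is on the DNS side: delete the record, or recreate the bucket under your own account before anyone else can claim the name.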

Release on March 9, 2023

  • Enriched scan entry-point status and information: A Connectivity status was added, which allows users to track the final condition of each entry point. The entry-points table was unified with the other tables in the Bright app. It is also now possible to filter entry points by multiple parameters. See the documentation for more details.
  • New role scopes: The project-issues:write scope allows granting access to project issue management separately from access to project settings. The scan-labels:manage scope provides granular access to editing labels on scans that are already running or have finished.
  • Improved SSTI test: The SSTI test has been improved by adding new Go template payloads.

Release on February 8, 2023

  • Custom headers support - The Bright app now allows users to manually add a custom header to browser-based form authentication and to recorded authentication. The auth_object prefix has also been added to the app for all authentication commands. All existing user commands will be updated automatically.
  • Excessive data exposure - A new test has been added that checks whether the application fails to filter sensitive information on the server side and instead relies on the client side to filter the sensitive data out.
  • Allow signups with business emails only - Registration restricted to company email addresses is now available.
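The pattern behind the "Excessive data exposure" test, as an added example that is not Bright's own code: an API handler that returns the whole server-side record and trusts the client to hide the sensitive parts, next to an allow-listed serializer, plus a key-name heuristic that flags such fields in a JSON response. The user record and the regex of sensitive key names are constructed for the example.

```python
"""Added example (not Bright's code): unfiltered vs allow-listed serialization of
a user record, and a heuristic that flags sensitive-looking keys in a JSON
response body. The record and key patterns are constructed."""
import json
import re

# Constructed server-side record, including fields the UI never shows.
USER_RECORD = {
    "id": 42,
    "name": "Ada",
    "email": "ada@example.test",
    "password_hash": "$2b$12$placeholderhashvalue",
    "profile": {"city": "London", "ssn": "000-00-0000"},
    "sessions": [{"device": "laptop", "token": "placeholder-session-token"}],
}

def serialize_user_unfiltered(user: dict) -> str:
    """Vulnerable: returns every field and relies on the client to filter."""
    return json.dumps(user)

# Fields the client is meant to see; everything else stays on the server.
PUBLIC_USER_FIELDS = ("id", "name", "email")

def serialize_user_allowlisted(user: dict) -> str:
    """Hardened: only allow-listed fields leave the server."""
    return json.dumps({k: user[k] for k in PUBLIC_USER_FIELDS if k in user})

# Key names that usually mean the field should never reach a browser (constructed list).
SENSITIVE_KEY_RE = re.compile(r"password|passwd|secret|token|ssn|api_?key|hash", re.I)

def sensitive_keys(response_body: str) -> list:
    """Walk a JSON response and return dotted paths of keys that look sensitive."""
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                if SENSITIVE_KEY_RE.search(key):
                    yield here
                yield from walk(value, here)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                yield from walk(value, f"{path}[{i}]")
    return list(walk(json.loads(response_body), ""))

if __name__ == "__main__":
    print("unfiltered:", sensitive_keys(serialize_user_unfiltered(USER_RECORD)))
    print("allow-listed:", sensitive_keys(serialize_user_allowlisted(USER_RECORD)))
```

Key-name matching is only a heuristic: it catches the obvious cases in a response and misses sensitive values under innocuous names, so it complements, rather than replaces, an allow-list on the server.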

Release on January 18, 2023

  • Project-level file storage - Uploaded files must now be associated with a project so that they can be shared between project team members.
  • GraphQL introspection test - Tests for externally exposed API documentation by querying the /graphql endpoint. The target is information about the schema and the data flow.
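What the introspection test sends and what it learns, as an added example that is not Bright's code: a trimmed introspection query and a parser that turns the server's reply into a finding (root types, application types, mutation names). The two response bodies are constructed to look like a server with introspection enabled and one with it disabled; nothing is sent over the network.

```python
"""Added example (not Bright's code): a GraphQL introspection probe and a parser
for its reply. Both responses below are constructed; no network calls are made."""
import json

# Trimmed introspection query: enough to learn the root types, every type and
# its field names, which is the schema information the test is after.
INTROSPECTION_QUERY = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    mutationType { name }
    types { name kind fields { name } }
  }
}
"""

def introspection_request() -> dict:
    """JSON body to POST to /graphql with Content-Type: application/json."""
    return {"query": INTROSPECTION_QUERY, "operationName": "IntrospectionProbe"}

def analyse_introspection(response_body: str) -> dict:
    """Decide whether the schema is exposed and summarise what it reveals."""
    doc = json.loads(response_body)
    schema = (doc.get("data") or {}).get("__schema")
    if not schema:
        # A server with introspection disabled answers with errors and no data.
        return {"exposed": False, "types": [], "mutations": []}
    types = schema.get("types") or []
    # Built-in types start with "__"; the application's own types are the finding.
    user_types = [t["name"] for t in types if not t["name"].startswith("__")]
    mutation_type = (schema.get("mutationType") or {}).get("name")
    mutations = []
    for t in types:
        if t["name"] == mutation_type:
            mutations = [f["name"] for f in (t.get("fields") or [])]
    return {"exposed": True, "types": user_types, "mutations": mutations}

# Constructed reply from a server that answers introspection.
EXPOSED_RESPONSE = json.dumps({"data": {"__schema": {
    "queryType": {"name": "Query"},
    "mutationType": {"name": "Mutation"},
    "types": [
        {"name": "Query", "kind": "OBJECT", "fields": [{"name": "me"}, {"name": "users"}]},
        {"name": "Mutation", "kind": "OBJECT",
         "fields": [{"name": "deleteUser"}, {"name": "resetPassword"}]},
        {"name": "User", "kind": "OBJECT", "fields": [{"name": "id"}, {"name": "email"}]},
        {"name": "__Schema", "kind": "OBJECT", "fields": None},
    ]}}})

# Constructed reply from a server that refuses introspection.
DISABLED_RESPONSE = json.dumps({"errors": [{"message": "introspection is disabled"}],
                                "data": None})

if __name__ == "__main__":
    print(analyse_introspection(EXPOSED_RESPONSE))
    print(analyse_introspection(DISABLED_RESPONSE))
```

The usual mitigation for a production endpoint is to turn introspection off in the server framework (Apollo Server, for instance, has an `introspection` option) and to keep the schema documentation on an authenticated channel.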

Release on December 26, 2022

  • New onboarding wizard - The new onboarding wizard is an essential part of the Bright app: it provides clarity during the installation process and helps users better understand all of the app's functionality.

Release on November 18, 2022

  • OTP (one-time password): Bright now provides the possibility to use a Time-Based One-Time Password (TOTP) or a Hash-Based One-Time Password (HOTP). The OTP is used during the creation of an authentication object for a target that uses a TOTP input field.
  • Editable labels for scans: It is now possible to filter scans by one or multiple labels, which simplifies working with a large number of scans. All existing labels can also be autocompleted in new scan settings, if needed.

Release on November 4, 2022

  • Editable labels for scans: All scans can now be marked by attaching fully editable labels, which are displayed in the scan details tab. This is available in both the UI and the API and helps users attach any valuable information to a scan.
  • Prevent duplicate tickets: Duplicate tickets are no longer created while scanning with any of the available integrations. As part of this update, ticketing integration settings were moved from the Organization level to the Project level, so adjusting ticketing settings is now much faster and easier.

Release on October 20, 2022

  • Authentication trigger via browser’s location change patterns: The authentication object now detects the logout trigger via a URL location change in the browser. Users just need to enter exactly the same URL, or segments of it, that they see in the address bar, without having to consider whether it was an HTTP request or only a manipulation of history entries.
  • Change severity of Project Issues: Bright now provides the possibility to manually change the severity of a particular project issue, so customers can use the app as a “source of truth” for their full collection of project scan findings.

Release on October 5, 2022

  • Authentication trigger via browser’s location change patterns: The authentication object now detects the logout trigger via a URL location change in the browser. Users just need to enter exactly the same URL, or segments of it, that they see in the address bar, without having to consider whether it was an HTTP request or only a manipulation of history entries.
  • Mismatch of results when running a scan with crawler versus HAR fixed: Issue severities no longer differ when running a scan with the crawler versus a HAR file.
  • Change severity of Project Issues: Bright now provides the possibility to manually change the severity of a particular project issue, so customers can use the app as a “source of truth” for their full collection of project scan findings.

Release on September 21, 2022

  • Authentication trigger via browser’s PAGE (DOM) change patterns: When the target application is opened in an unauthenticated browser, there may be elements on the page that are not visible once the browser is authenticated (for example, the login form). The user can now pick the element’s selector using the browser’s Developer Tools and create a trigger that starts the authentication process whenever an element matching this selector is found. For details, see Creating Authentication.