Release on 21 September, 2023

  • Snyk integration - Using this integration, Snyk SAST issues are being validating with the Bright DAST capabilities. This combined approach reduces false positives and provides more reliable vulnerability assessment process for users.
  • Tables improvements - We continue to unify and enhance all tables in the Bright app: server-side pagination and table controls have been added on User API keys table.

Release on 24 August, 2024

  • Baseline Parameters tool - Enhances accuracy by replacing our heuristic value approximations with predefined values. These enhancements aim to enhance the reliability and system predictability.
  • New Tests Available - CSS Injection, which tests for weaknesses that could allow hackers to inject malicious CSS code.
  • Organization API key support for scan templates - API keys can now be shared within the organization using specific permission scopes. Learn more about sharing a template.

Release on 10 August, 2023

  • Self-serve Connectivity tool - The Response tab within the Entrypoint Summary page now features a connectivity issue indicator, along with details regarding potential causes and solutions.
  • Enhanced Notification for Entrypoint Editor - A new notification has been integrated into the Entrypoint Editor, appearing whenever there's invalid syntax detected in the Request Body field.
  • New Tests Available - iFrame injection, Prompt injection
  • Rerun Discovery from the History tab - The option to quick Discovery rerun without adjusting the settings is now available.
  • Updated PDF reports - The Discovered Entrypoints section has been added to the PDF reports for enhanced content.

Release on 27 July, 2023

  • Test buckets - Now all tests are organized into groups that describe general attack direction. There is still a possibility to select tests manually if needed.
  • New section in PDF reports - The PDF reports are now enhanced with new data about Vulnerable entrypoints, containing a number of issues related to a particular entrypoint.
  • Activity Log filters - New filters by date, object, action, and actor have been added.

Release on 13 July, 2023

  • OTP support for recorded Browser-Based Form Authentication – manually added one-time password (OTP) generation feature is available now, as well as for Browser-Based Authentication and Custom API Authentication. Learn more about how to add an OTP in the authentication flow.
  • Scan PDF report customizationCompliance results section in Scan PDF reports has been reworked and upgraded by creating a new "Not checked" status. Learn about exporting scan reports in the article.
  • New vectors – 3 new vectors have been added to the XML External Entity Injection
  • New payloads – 2 new payloads have been added to the Reflective Cross-Site Scripting (rXSS)
  • Issues tab improvements – the new Unconfirmed issues tab & details showing SQL Injection findings

Release on July 3, 2023

This Bright's release is significant: it highly improves scanning speed and quality, due to the new architecture of internal processes. To learn more about the updated user flow, see the documentation.

Release on June 1, 2023

  • Improved activity log - The capabilities of the activity log have been improved: users now have the ability to view the activity of all users in the organization, and can easily filter the data based on the actor. For more information, see Managing Activity Log.
  • Improved Broken Object Level Authorization (BOLA) test - test logic has been changed to improve the scan resiliency.
  • Comment access with personal API-keys - Bright now provides the ability to manage comments using personal API-keys.

Release on May 18, 2023

  • Engine progress calculation improvements - Total scan progress now is based on actual tests that need to be done on each entry-point. As a result two new parameters can be displayed: tests progress per entry-point and time saved by parallel testing (performed with high-concurrency tests).

Release on May 4, 2023

  • New engine recoverability capabilities - The new engine mechanism has been implemented, that improves scan resilience with continuous progress saving, significantly reducing chances of failure.
  • New Activity log events - The new activity log events have been added for changes to project issue status, severity, and assignee.
  • Improved Projects filtering and presentation - Now it is possible to filter projects by their labels. Also, the Labels column is now presented in the Projects table.
  • Group role scopes inheritance - Role group permissions are now inherited on a user level.
  • Export all Projects data as a CSV file - The ability to export data of all projects in CSV format has been added.
  • Improved UI - The files attached to the project are now located in the Files tab, instead of a separate module.

Release on April 20, 2023

  • Common Vulnerability Exposed (CVEs) - The new test added, which tests targets for known third-party common vulnerability exposures.
  • Project issues labels - Bright now allows users to create up to 15 labels per project issue and filter them.
  • Project labels - We've introduced the ability to label the entire project, which is helpful to arrange the organization's structure.
  • Expiration API-key date - The ability to set the particular expiration date for API keys has been added. Personal, project, and organization levels are covered.
  • Entry-points table improvements - Now it is possible to adjust the settings of an entry-points table and customize it. A new quick action menu has been added to the table, providing the ability to copy entry-points requests as a cURL, and entry-points URL either.