Release of October 2024

New business logic test

  • Broken Object Property Level Authorization (BOPLA). This test checks whether the application properly enforces access controls on individual properties of an object.
    Read additional details here.

Enhancements

Scan health metrics

  • We've adjusted the successful requests logic: a request now counts as successful unless it ends in a network timeout, network gateway error, rate-limiting or authentication error.

Authentication objects

  • Email OTP: Added support for base64-encoded emails.

Webhooks

  1. Webhook triggers were extended to support discoveries: You can now trigger a webhook when a discovery has started, ended or changed status.
  2. The optional customerMetadata scan field is now included as part of the scan webhook payload.

Webhooks documentation


Bright-CLI:

  1. v12.6.0: The timeout flag now accepts duration strings (Command Language Syntax).