Release on July 27, 2023

  • Test buckets - All tests are now organized into groups that describe the general attack direction. Tests can still be selected manually if needed.
  • New section in PDF reports - The PDF reports are now enhanced with new data about Vulnerable entrypoints, containing a number of issues related to a particular entrypoint.
  • Activity Log filters - New filters by date, object, action, and actor have been added.

Release on July 13, 2023

  • OTP support for recorded Browser-Based Form Authentication – A manually added one-time password (OTP) generation feature is now available for recorded Browser-Based Form Authentication, as well as for Browser-Based Authentication and Custom API Authentication. Learn more about how to add an OTP in the authentication flow.
  • Scan PDF report customization – The Compliance results section in Scan PDF reports has been reworked and upgraded with a new "Not checked" status. Learn about exporting scan reports in the article.
  • New vectors – 3 new vectors have been added to the XML External Entity Injection test.
  • New payloads – 2 new payloads have been added to the Reflective Cross-Site Scripting (rXSS) test.
  • Issues tab improvements – the new Unconfirmed issues tab & details showing SQL Injection findings

Release on July 3, 2023

This Bright release is significant: it greatly improves scanning speed and quality thanks to the new architecture of internal processes. To learn more about the updated user flow, see the documentation.

Release on June 1, 2023

  • Improved activity log - The capabilities of the activity log have been improved: users now have the ability to view the activity of all users in the organization, and can easily filter the data based on the actor. For more information, see Managing Activity Log.
  • Improved Broken Object Level Authorization (BOLA) test - test logic has been changed to improve the scan resiliency.
  • Comment access with personal API-keys - Bright now provides the ability to manage comments using personal API-keys.

Release on May 18, 2023

  • Engine progress calculation improvements - Total scan progress is now based on the actual tests that need to be run on each entry-point. As a result, two new parameters can be displayed: test progress per entry-point and time saved by parallel testing (performed with high-concurrency tests).

Release on May 4, 2023

  • New engine recoverability capabilities - A new engine mechanism has been implemented that improves scan resilience with continuous progress saving, significantly reducing the chance of failure.
  • New Activity log events - New activity log events have been added for changes to project issue status, severity, and assignee.
  • Improved Projects filtering and presentation - Now it is possible to filter projects by their labels. Also, the Labels column is now presented in the Projects table.
  • Group role scopes inheritance - Role group permissions are now inherited on a user level.
  • Export all Projects data as a CSV file - The ability to export data of all projects in CSV format has been added.
  • Improved UI - The files attached to the project are now located in the Files tab, instead of a separate module.

Release on April 20, 2023

  • Common Vulnerabilities and Exposures (CVEs) - A new test has been added that checks targets for known third-party Common Vulnerabilities and Exposures.
  • Project issues labels - Bright now allows users to create up to 15 labels per project issue and filter them.
  • Project labels - We've introduced the ability to label the entire project, which is helpful to arrange the organization's structure.
  • API key expiration date - The ability to set a specific expiration date for API keys has been added. Personal, project, and organization levels are covered.
  • Entry-points table improvements - The entry-points table settings can now be adjusted and customized. A new quick action menu has been added to the table, providing the ability to copy an entry-point request as a cURL command, as well as the entry-point URL.

Release on April 6, 2023

  • New Project issue counters design - The Project Issues counters design has been changed to make it clearer how many issues are currently open. Users can also now see updated information without refreshing the page.
  • Project Issue export CSV - Bright now allows users to export all issues to a CSV file.
  • Project Issues table configuration - All issues can be filtered by severity, hosts, methods, and last reported date. The table is also now adjustable via the table configuration menu and by dragging and dropping columns into the order you need.
  • Issues table loading improvements - Server-side pagination has been implemented to improve page performance.

Release on March 23, 2023

  • AWS S3 Bucket Takeover - A new test has been added that searches for S3 buckets that no longer exist, to prevent data breaches and malware distribution.
  • Template settings lock - Scan template settings can now be protected from editing to make sure that scans are performed with the same configuration as provided in the template.
  • Role scope changes - Users with projects:manage role scope are no longer allowed to edit project issues, only to read. Scope project-issues:write is required to edit issues.
  • Server-side pagination - It is now possible to filter and sort projects by new parameters, such as severity, last scan time, unique hosts, etc.

Release on March 9, 2023

  • New role scopes: Scope project-issues:write allows granting access to project issue management separately from access to project settings. Scope scan-labels:manage provides granular access to editing labels in scans that are already running or have finished.
  • Improved SSTI test: The SSTI test has been improved by adding new Go template payloads.