- In this release, we've made major speed improvements to the OS command injection (OSI) and server-side request forgery (SSRF) attacks.
The latest release is available at app.brightsec.com!
IBM API Connect - Added support for the IBM API Connect format of OAS files, in response to a customer need. OAS is an industry standard, but IBM adds its own syntax to the OAS files generated by its system, and this required dedicated parsing, which has now been added.
Snyk integration - Extended the view of Bright's Snyk integration. The platform now shows how many vulnerabilities were imported from Snyk, how many Bright issues matched a specific attack simulation, and the specific vulnerabilities that were validated and found by Bright, as well as the indication from the SAST tool. It creates a clearer view of the activity and findings and enables our customers to focus on the remediation of the most severe vulnerabilities.
New test added: Google Cloud Storage - Google Cloud Storage attack (Medium severity, #1 in the OWASP Top 10 Web Apps for 2021). This test validates URLs in payloads that address Google Cloud Storage. When the URL can be copied and used outside the scope of the authenticated user, the stored data is at risk of exposure.
For more details see the documentation.
Scan progress indication in the scan view - A new column was added to the scans table called Tests Progress. This column provides a percentage estimation of the test progress. Users can view, filter, and sort the scans table based on this column.
For more details see the documentation.
Set Single Sign-On with Microsoft Azure Entra ID - Admins can set the SSO for the Bright platform from within the Microsoft Entra ID interface based on their existing user directory. See our documentation for setup instructions.
To learn how to set up the integration, see the documentation.
Bright's API: Update scan behavior - Ability to edit Scheduled/Queued/Re-test scans to use tests defined in a template instead of defining specific tests.
Go explore it on app.brightsec.com!
We highly recommend using the latest version to benefit from the enhanced capabilities and stability. We are planning to end support for version 9 by the end of 2023, and we recommend upgrading to a newer version in the near future.
For details, read the official overview docs.