Release on March 9, 2023

  • New role scopes: The project-issues:write scope grants access to project issue management separately from access to project settings. The scan-labels:manage scope grants granular access to editing labels on scans that are already running or have finished.
  • Improved SSTI test: The Server-Side Template Injection (SSTI) test now includes payloads for Go templates, in addition to the existing template-engine payloads.
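Why Go needs its own payloads: the usual `{{7*7}}` probe is a parse error in Go's template language, which has no arithmetic, so a scanner that only sends Jinja- or Twig-style probes misses Go applications. The following is an added example (not Bright's code or payload list) of the vulnerable pattern the test looks for, next to the fixed form. The `Page` type, field names and the `tok_example_do_not_leak` value are constructed sample data.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// Page is the data object the handler passes to its template. APIToken is
// for server-side use only and must never reach the rendered page.
type Page struct {
	Name     string
	APIToken string
}

// renderVulnerable concatenates user input into the template SOURCE before
// parsing it, so the input is interpreted as template code. This is the
// pattern an SSTI test probes for.
func renderVulnerable(userInput string, data Page) (string, error) {
	t, err := template.New("greeting").Parse("Hello, " + userInput + "!")
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// safeTmpl is parsed once from a constant. User input only ever arrives
// through the data object, where the engine treats it as a plain value.
var safeTmpl = template.Must(template.New("greeting").Parse("Hello, {{.Name}}!"))

func renderSafe(userInput string, data Page) (string, error) {
	data.Name = userInput
	var buf bytes.Buffer
	if err := safeTmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample data; the token stands in for any server-side secret.
	page := Page{Name: "Alice", APIToken: "tok_example_do_not_leak"}
	probes := []string{
		"{{7*7}}",       // Jinja/Twig-style probe: Go has no arithmetic, so Parse fails
		"{{.}}",         // Go probe: dumps the whole data object
		"{{.APIToken}}", // Go probe: reads a named field from the data object
	}
	for _, p := range probes {
		out, err := renderVulnerable(p, page)
		fmt.Printf("vulnerable %-15q -> out=%q err=%v\n", p, out, err)
		out, err = renderSafe(p, page)
		fmt.Printf("safe       %-15q -> out=%q err=%v\n", p, out, err)
	}
}
```

Note that html/template's contextual auto-escaping only protects values emitted by template actions; text that becomes part of the template source, which is what the concatenation in `renderVulnerable` does with the input, is evaluated as template code, so the escaping offers no protection against this class of bug.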

Release on February 8, 2023

  • Custom headers support - The Bright app now allows users to manually add custom headers to browser-based form authentication and to browser-recorded authentication. The auth_object prefix has also been added to all authentication commands in the app; existing user commands are updated automatically.
  • Excessive data exposure - A new test checks whether the application relies on the client to filter out sensitive data instead of filtering it on the server side, so that API responses carry more information than the UI displays.
  • Allow signups with business emails only - Registration can now be restricted to company (business) email addresses.
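The excessive data exposure pattern in code, as an added example that is not Bright's own test logic: an endpoint that serializes its whole database record and leaves it to the front end to show only a few fields, next to the hardened version that maps the record onto an explicit response type. The `excessFields` helper shows the kind of check a DAST tool can run, comparing the keys in the API response with the fields the page actually renders; the `User` record and rendered-field set are constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// User is the internal record as stored. Several fields are for
// server-side use only. Constructed sample type.
type User struct {
	ID           int    `json:"id"`
	Email        string `json:"email"`
	DisplayName  string `json:"display_name"`
	PasswordHash string `json:"password_hash"`
	IsAdmin      bool   `json:"is_admin"`
	ResetToken   string `json:"reset_token"`
}

// PublicUser is the response shape this endpoint is allowed to return.
// Fields added to User later cannot leak unless they are added here too.
type PublicUser struct {
	ID          int    `json:"id"`
	DisplayName string `json:"display_name"`
}

// vulnerableProfile serializes the whole record and trusts the client to
// display only the fields it needs.
func vulnerableProfile(u User) ([]byte, error) {
	return json.Marshal(u)
}

// hardenedProfile maps the record onto an explicit response type before
// serializing, so filtering happens on the server.
func hardenedProfile(u User) ([]byte, error) {
	return json.Marshal(PublicUser{ID: u.ID, DisplayName: u.DisplayName})
}

// excessFields returns the top-level keys present in an API response that
// the page never renders. Extra keys are candidate findings; whether they
// are actually sensitive still needs review.
func excessFields(apiBody []byte, rendered map[string]bool) ([]string, error) {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(apiBody, &obj); err != nil {
		return nil, err
	}
	extra := []string{}
	for k := range obj {
		if !rendered[k] {
			extra = append(extra, k)
		}
	}
	sort.Strings(extra)
	return extra, nil
}

func main() {
	// Constructed sample record and the set of fields the profile page shows.
	u := User{ID: 7, Email: "alice@example.com", DisplayName: "Alice",
		PasswordHash: "$2b$12$constructed", IsAdmin: true, ResetToken: "rst_constructed"}
	rendered := map[string]bool{"id": true, "display_name": true}

	for name, f := range map[string]func(User) ([]byte, error){
		"vulnerable": vulnerableProfile, "hardened": hardenedProfile,
	} {
		body, _ := f(u)
		extra, _ := excessFields(body, rendered)
		fmt.Printf("%-10s %s\n           fields not rendered by the UI: %v\n", name, body, extra)
	}
}
```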

Release on January 18, 2023

  • Project-level file storage - Uploaded files must now be associated with a project, which allows them to be shared between project team members.
  • GraphQL introspection test - Tests for externally exposed API documentation by sending an introspection query to the /graphql endpoint. The target is schema information (types, fields, queries and mutations) that reveals the API's structure and data flow.
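What the introspection test sends and how the answer is read, as an added example that is not Bright's implementation: a trimmed version of the standard `__schema` query, posted as JSON to /graphql, and a parser that decides whether introspection is enabled and lists the user-defined object types with their fields (built-in `__*` types and scalars are skipped). Both responses below are constructed samples; the "disabled" one mirrors the shape of a server that answers with only an `errors` array.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// introspectionQuery is a trimmed form of the standard query that tools such
// as GraphiQL send to discover a schema.
const introspectionQuery = `query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    types {
      name kind
      fields { name type { name kind ofType { name kind } } }
    }
  }
}`

// requestBody builds the JSON body POSTed to /graphql.
func requestBody() ([]byte, error) {
	return json.Marshal(map[string]string{"query": introspectionQuery})
}

type introspectionResponse struct {
	Data *struct {
		Schema *struct {
			Types []struct {
				Name   string `json:"name"`
				Kind   string `json:"kind"`
				Fields []struct {
					Name string `json:"name"`
				} `json:"fields"`
			} `json:"types"`
		} `json:"__schema"`
	} `json:"data"`
	Errors []struct {
		Message string `json:"message"`
	} `json:"errors"`
}

// analyze reports whether introspection is enabled and, if so, summarizes
// the user-defined object types as "Type{field,field,...}".
func analyze(body []byte) (enabled bool, summary []string, err error) {
	var resp introspectionResponse
	if err = json.Unmarshal(body, &resp); err != nil {
		return false, nil, err
	}
	if resp.Data == nil || resp.Data.Schema == nil {
		return false, nil, nil // disabled servers answer with errors and no __schema
	}
	for _, t := range resp.Data.Schema.Types {
		if t.Kind != "OBJECT" || strings.HasPrefix(t.Name, "__") {
			continue
		}
		names := make([]string, 0, len(t.Fields))
		for _, f := range t.Fields {
			names = append(names, f.Name)
		}
		summary = append(summary, fmt.Sprintf("%s{%s}", t.Name, strings.Join(names, ",")))
	}
	sort.Strings(summary)
	return true, summary, nil
}

// Constructed sample responses (not captured from a real server).
const enabledResponse = `{"data":{"__schema":{"queryType":{"name":"Query"},"mutationType":null,
 "types":[
  {"name":"Query","kind":"OBJECT","fields":[{"name":"user"},{"name":"users"}]},
  {"name":"User","kind":"OBJECT","fields":[{"name":"id"},{"name":"email"},{"name":"passwordHash"}]},
  {"name":"String","kind":"SCALAR","fields":null},
  {"name":"__Schema","kind":"OBJECT","fields":[{"name":"types"}]}]}}}`

const disabledResponse = `{"errors":[{"message":"introspection is disabled"}]}`

func main() {
	body, _ := requestBody()
	fmt.Println("POST /graphql body:", string(body))
	for _, r := range []string{enabledResponse, disabledResponse} {
		enabled, summary, err := analyze([]byte(r))
		fmt.Printf("introspection enabled=%v types=%v err=%v\n", enabled, summary, err)
	}
}
```

A type such as `User{id,email,passwordHash}` showing up in the summary is exactly the data-flow information the test is after: it tells an attacker which fields exist before a single query against the real data has been made.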

Release on December 26, 2022

  • New onboarding wizard - The new onboarding wizard guides users through the installation process and helps them understand the app's functionality.

Release on November 18, 2022

  • OTP (one-time password): Bright now supports Time-Based One-Time Passwords (TOTP, RFC 6238) and HMAC-Based One-Time Passwords (HOTP, RFC 4226). The OTP is configured when creating an authentication object for a target whose login flow includes an OTP input field.
  • Editable labels for scans: Scans can now be filtered by one or more labels, which simplifies working with a large number of scans. Existing labels are also offered as autocomplete suggestions in new scan settings.

Release on November 4, 2022

  • Editable labels for scans: Scans can now be tagged with fully editable labels, which are displayed in the scan details tab. Labels are available in both the UI and the API and let users attach useful information to a scan.
  • Prevent duplicate tickets: Scans no longer create duplicate tickets with any of the available ticketing integrations. As part of this update, ticketing integration settings were moved from the organization level to the project level, which makes adjusting them faster and easier.

Release on October 20, 2022

  • Authentication trigger via browser’s location change patterns: The authentication object can now detect a logout, and trigger re-authentication, by matching changes to the browser’s URL location. Users only need to enter the URL, or a segment of it, exactly as it appears in the browser’s address bar; it does not matter whether the location changed because of an HTTP request or because of a client-side history change.
  • Change severity of Project Issues: Bright now allows the severity of an individual project issue to be changed manually, so customers can use the app as the “source of truth” for their full collection of project scan findings.

Release on October 5, 2022

  • Authentication trigger via browser’s location change patterns: The authentication object can now detect a logout, and trigger re-authentication, by matching changes to the browser’s URL location. Users only need to enter the URL, or a segment of it, exactly as it appears in the browser’s address bar; it does not matter whether the location changed because of an HTTP request or because of a client-side history change.
  • Mismatch of results between crawler and HAR scans fixed: Issue severities no longer differ between a scan run with the crawler and one run from a HAR file.
  • Change severity of Project Issues: Bright now allows the severity of an individual project issue to be changed manually, so customers can use the app as the “source of truth” for their full collection of project scan findings.

Release on September 21, 2022

  • Authentication trigger via browser’s PAGE (DOM) change patterns: When the target application is opened in an unauthenticated browser, the page may contain elements (for example, the login form) that are not present once the browser is authenticated. The user can now pick such an element’s selector using the browser’s developer tools and create a trigger that starts the authentication process whenever an element matching that selector is found. For details, see Creating Authentication.

Release on September 6, 2022

  • Copy scan configuration as REST API (curl) option: Bright now lets users copy a scan’s settings as a REST API cURL command that starts a new scan with the same configuration. Once scans with different settings have completed, each configuration can be copied as a curl command and reused to automate scan execution or to integrate scanning into CI/CD.