Release on October 19, 2023
October 18th, 2023
- New test available - Broken Object Level Authorization (BOLA) (critical severity, number 1 in the OWASP API Top 10). This test discovers unauthorized access to, or manipulation of, objects. The attack leverages endpoints that do not check permissions at the object level, so an authenticated user can access objects they are not supposed to access. For a detailed explanation please refer to OWASP: API1:2023 Broken Object Level Authorization.
- Sitemap - Graphical representation of the web application hierarchy. The sitemap is available in two places in the product:
- Scan info - in the lower section of the scan page there are several tabs with information about the scan. A new tab called Sitemap is available (note that it is not visible by default; use the section settings to turn it on). It shows the application mapping created throughout the discovery phase, providing a clear understanding of the application structure.
- Discovery history - in the lower section of the project page there are 4 tabs under the project overview section. The last tab is called Discovery history. Navigate to that tab and select one of the discoveries that were performed in the project. This leads to a new set of tabs called Discovery results. Open the section settings, turn on the Sitemap toggle, and the Sitemap tab will appear.
- Starting a scan from a template via CLI - Scan Templates allow predefined scan configurations to be re-used multiple times, saving time and effort. Scan Templates can also be used when setting up a new scan in the UI. More details in the docs.
- PDF report customization enabled - The ability to customize the look of the PDF report to match the customer's branding and style is now available to all customers. Users with the "Admin" or "Owner" user role can set the PDF report style.
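The BOLA item above describes the root cause the new test looks for: an endpoint that authenticates the caller but never checks permissions on the specific object requested. The following is an added example, not code from the product or from this release, written in plain Python with constructed sample users and orders. It shows a vulnerable handler beside its hardened form, and a small check that mirrors what a BOLA scan does: authenticate as one user and request an object belonging to another.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample data: two users and the orders each of them owns.
@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str
    total_cents: int

ORDERS = {
    1001: Order(1001, "alice", 4999),
    1002: Order(1002, "bob", 12000),
}

class NotFound(Exception):
    """Raised when the object does not exist, or must look as if it does not."""

def get_order_vulnerable(session_user: str, order_id: int) -> Order:
    """BOLA: authentication is assumed to have happened upstream, but the
    handler never verifies that `session_user` owns `order_id`. Any
    authenticated user who guesses or enumerates an id gets the order."""
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    return order

def get_order(session_user: str, order_id: int, *, is_admin: bool = False) -> Order:
    """Hardened: the authorization decision is made per object, after the
    lookup, by comparing the object's owner with the authenticated principal.
    `is_admin` is a hypothetical role flag standing in for a real RBAC check."""
    order = ORDERS.get(order_id)
    # Respond identically for "does not exist" and "not yours", so the endpoint
    # does not act as an oracle that confirms which ids exist.
    if order is None or (order.owner != session_user and not is_admin):
        raise NotFound(order_id)
    return order

def cross_user_read_succeeds(
    handler: Callable[[str, int], Order], session_user: str, foreign_order_id: int
) -> bool:
    """The check a BOLA test performs: call the handler as one user with an id
    that belongs to someone else. True means the object leaked."""
    try:
        handler(session_user, foreign_order_id)
        return True
    except NotFound:
        return False

if __name__ == "__main__":
    # alice (authenticated) asks for bob's order 1002.
    print("vulnerable leaks:", cross_user_read_succeeds(get_order_vulnerable, "alice", 1002))
    print("hardened leaks:  ", cross_user_read_succeeds(get_order, "alice", 1002))
```

The hardened version keeps the ownership check inside the handler, next to the lookup, rather than relying on a route-level "is logged in" guard; that placement is what distinguishes object-level authorization from authentication.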