Release on June 11, 2024
June 10th, 2024
Enhancements
- Webhooks - Users can now add custom headers, including authentication headers, to the requests a webhook sends, so that webhooks can reach authenticated endpoints.
- Webhooks and their headers can be managed from the Project settings in the Webhooks section. To add a header, do the following:
- Select a suitable Header name from a drop-down menu or type your own.
- Provide a Header value to proceed.
There is no limit to the number of custom header values you can add.
- Scan Health monitoring - Easily spot and filter authentication and network issues during a scan with colored indicators based on successful request percentage. This health status refers to scan results, not overall Entrypoint health, highlighting test interactions during scanning.
- New columns have been added to the Entrypoints table on the Scan Info page: Health, Successful Requests, and Total Requests. The Health metric is calculated by dividing the number of successful requests by the total number of requests.
- New filters for Health, Successful Requests, and Total Requests are available.
- Successful Requests are any responses that are not 401 (Unauthorized) or 403 (Forbidden).
- Users can now add metadata to the "run a new scan" call to simplify automation workflows and carry additional information through a complex programmatic flow. This applies only to scans started through the API.
- To add metadata, add the `customerMetadata` parameter to the request body:
```json
{
  "tests": [
    "csrf",
    "sqli"
  ],
  "buckets": [
    "string"
  ],
  "entryPointIds": [
    "EP_ID"
  ],
  "discoveryTypes": [
    "archive"
  ],
  "poolSize": 50,
  "crawlerUrls": [
    "https://example.com"
  ],
  "attackParamLocations": [
    "artifical-fragment"
  ],
  "extraHosts": {
    "example.com": "127.0.0.1"
  },
  "headers": [
    {
      "name": "Authorization",
      "value": "Bearer token",
      "mergeStrategy": "replace"
    }
  ],
  "fileId": "FILEID",
  "hostsFilter": [
    "localhost:3000"
  ],
  "repeaters": [
    "REPEATERID"
  ],
  "smart": true,
  "optimizedCrawler": true,
  "maxInteractionsChainLength": 5,
  "subdomainsCrawl": true,
  "skipStaticParams": true,
  "projectId": "PROJECTID",
  "exclusions": {
    "requests": [
      {
        "patterns": [
          "(?<excluded_file_ext>(\\/\\/[^?#]+\\.)((?<image>jpg|jpeg|png|gif|svg)|(?<font>ttf|otf|fnt|fon))(?:$|#|\\?))"
        ],
        "methods": [
          "GET"
        ]
      }
    ],
    "params": [
      "^(?!.*login).*$"
    ],
    "htmlSelectors": [
      "/html/body/div[1]/table/tbody/tr/td[8]/a",
      ".mat-focus-indicator .mat-menu-item ng-tns-c46-3"
    ]
  },
  "inclusions": {
    "headers": [
      "Authorization"
    ]
  },
  "slowEpTimeout": 100,
  "targetTimeout": 120,
  "name": "brokencrystals owasp top 10",
  "authObjectId": "AUTHOBJECTID",
  "schedule": {
    "type": "future",
    "repeatInterval": 1000,
    "repeatIntervalUnit": "hours",
    "repeatWeekdays": [
      0
    ],
    "nextRunAt": "2024-06-10T10:17:06.825Z",
    "endAt": "2024-06-10T10:17:06.825Z",
    "runNow": false,
    "skipConcurrent": true
  },
  "module": "dast",
  "templateId": "TEMPLATEID",
  "info": {
    "client": {
      "name": "bright-cli",
      "version": "10.0.0"
    },
    "provider": "string",
    "source": "api"
  },
  "configSource": {
    "type": "integration",
    "metadata": [
      {
        "system": "azure",
        "issueSourceId": "ISSUESOURCEID"
      }
    ]
  },
  "customerMetadata": "TEXT_PLACEHOLDER"
}
```
- The `customerMetadata` field is a string type, so any text information can be placed here. The maximum length of this field is 10000 characters.
- To request previously added metadata, use the endpoint: `/api/v1/scans/{SCAN_ID}/customer-metadata`
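
An added example, not part of the original release note or the vendor's code: one way to pack CI context into the `customerMetadata` string, enforce the 10000-character limit before sending, and parse the value after reading it back. The helper names, the JSON encoding, the credential-key check and the sample values are assumptions of this example.

```python
import json
from urllib.parse import quote

MAX_CHARS = 10000  # maximum customerMetadata length stated in the release note
# Added precaution (assumption, not a product rule): the value can be read back
# through the API, so refuse keys that look like credentials.
SENSITIVE_HINTS = ("token", "secret", "password", "api_key", "apikey")


def encode_customer_metadata(context):
    """Serialize a flat CI context dict into the single string the field accepts."""
    leaked = sorted(k for k in context if any(h in k.lower() for h in SENSITIVE_HINTS))
    if leaked:
        raise ValueError(f"refusing credential-like keys: {leaked}")
    text = json.dumps(context, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    if len(text) > MAX_CHARS:
        raise ValueError(f"customerMetadata is {len(text)} characters, limit is {MAX_CHARS}")
    return text


def with_customer_metadata(scan_body, context):
    """Return a copy of the scan request body with customerMetadata set."""
    body = dict(scan_body)
    body["customerMetadata"] = encode_customer_metadata(context)
    return body


def customer_metadata_path(scan_id):
    """Path of the read-back endpoint named in the release note."""
    return f"/api/v1/scans/{quote(scan_id, safe='')}/customer-metadata"


def decode_customer_metadata(text):
    """Parse a value written by encode_customer_metadata; reject anything else."""
    value = json.loads(text)
    if not isinstance(value, dict):
        raise ValueError("customerMetadata is not a JSON object")
    return value


if __name__ == "__main__":
    # Constructed sample values; PROJECTID is the placeholder used on this page.
    ci = {"pipeline": "build-1842", "commit": "0f3c9ab", "branch": "main"}
    body = with_customer_metadata({"name": "nightly", "projectId": "PROJECTID"}, ci)
    print(json.dumps(body, indent=2))
    print(customer_metadata_path("SCAN_ID"))
```

The length check counts Python string characters; how the service counts characters is not stated in the release note.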