- New security rules for Android Network Security Configuration.
- Fix false positives in Cryptography rules using static taint.
- Rework of all rules formatting.
- Fix PDF generation and add support for code highlighting.
- Add support for crawling known paths.
- Add Artefact panel to store extracted source code, screenshots and traffic logs.
- Add Xamarin source code decompilation.
- Fix duplicate request testing by backend and XSS scanner.
- Initial work on CSRF token detection and generation for POST request fuzzing.
- Add support for inserting payloads in sub-paths.
- A month of extensive bug fixes across all core components.
- Enhance testability of the scanning engine.
- Enhance reporting features.
- Enhanced detection of template injection vulnerabilities.
- New scanner for detecting XSS vulnerabilities.
- Enhanced support for nested serialization formats.
- Major rework of the scan scheduling engine for increased scalability.
- New backend scanning engine with beta support for SQL injection and XXE detection.
- Adding beta support for crawling of HTML content.
- Bumping free scanner coverage limit from 100 to 300.
- New detector for encrypted IPA.
- Fix false positive in dynamic rules detecting weak encryption.
- Porting LLDB for iOS to work on Linux.
- New backend scan engine.
- New experimental crawler.
- Adding support for authenticated scans.
- Final version of Java hook engine with stack trace support and full context inspection.
- Major enhancement to the taint engine reducing false positives.
- Multiple bug fixes affecting PDF generation and false positive declaration.
- Adding feature to report false positives and remove them from the final report.
- Multiple new dynamic rules to trace sensitive function calls.
- New agent to detect sensitive material files, like private encryption keys.
- Surface static taint analysis coverage in the scan report.
- Unsafe App Transport Security (ATS) settings in iOS apps are reported as vulnerabilities.
- Performance enhancement for the support of large multidex files.
- Bug fix in method xref for multidex files.
- Enhance vulnerability de-duplication.
- Multiple bug fixes for iOS scan rules.
- Advanced option to detect weak file permissions for both Android and iOS (OWASP Mobile Top 10 - M2).
- Advanced option to detect Personally Identifiable Information (PII) leakage for both Android and iOS (OWASP Mobile Top 10 - M2).
- Advanced option to detect clear-text traffic for both Android and iOS (OWASP Mobile Top 10 - M3).
- Advanced option to detect insecure TLS/SSL validation for both Android and iOS (OWASP Mobile Top 10 - M3).
- Advanced option to detect iOS calls to weak cryptographic APIs (OWASP Mobile Top 10 - M5).
- Advanced option to download the report as a PDF.
- Stabilizing unlimited scan feature with bug fixes.
- Correction of false positives in Insecure Encryption Mode.
- Correction of false positives in ASLR detection for iOS Apps.
- Move to a clustered architecture to support increased scan load.
- Final version to support dedicated unlimited scans.
- New feature to support dedicated scans.
- Tweaks and updates to the user interface to support fast uploading.
- New backend system to support the increased load.
- Major code refactoring of all agents to support the new backend system.
- Multiple bug fixes.
- New static taint engine for Android Bytecode.
- Multiple bug fixes and performance tweaks.
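As an added illustration (not code from the scanner or this project), the following is a minimal static rule of the kind the Android Network Security Configuration, clear-text traffic and App Transport Security entries above refer to. It parses an Android `res/xml/network_security_config.xml` and an iOS `Info.plist` and flags the weak transport settings a scanner would report: clear-text traffic permitted, user-installed CAs trusted in release configuration, a pin-set with no backup pin, `NSAllowsArbitraryLoads`, per-domain HTTP exceptions and lowered minimum TLS versions. The XML and plist inputs are constructed samples, and the severities and messages are this example's own choices, not the scanner's rule format.

```python
"""Constructed example: static checks for weak mobile transport configuration."""
import plistlib
import xml.etree.ElementTree as ET

# Constructed Android network_security_config.xml with three weak settings.
# The pin value is a placeholder, not a real certificate hash.
WEAK_NSC = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set>
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
        </pin-set>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
"""

# Constructed hardened configuration: system CAs only, no clear-text.
HARDENED_NSC = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""

# Constructed iOS Info.plist with ATS disabled globally and a weak exception domain.
WEAK_INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.demo",
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoads": True,
        "NSExceptionDomains": {
            "legacy.example.com": {
                "NSExceptionAllowsInsecureHTTPLoads": True,
                "NSExceptionMinimumTLSVersion": "TLSv1.0",
            }
        },
    },
})


def check_network_security_config(xml_text):
    """Return (severity, message) findings for an Android NSC file.

    Only <base-config> and <domain-config> are inspected; <debug-overrides>
    applies solely to debuggable builds and is deliberately skipped. Attribute
    inheritance from base-config into domain-config and the targetSdkVersion
    dependent default (clear-text off from API 28) are not modelled here.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for cfg in root.iter():
        if cfg.tag not in ("base-config", "domain-config"):
            continue
        if cfg.tag == "base-config":
            scope = "base-config"
        else:
            domains = ", ".join(d.text.strip() for d in cfg.findall("domain"))
            scope = f"domain-config for {domains}"
        if cfg.get("cleartextTrafficPermitted", "false").lower() == "true":
            findings.append(("HIGH", f'{scope}: cleartextTrafficPermitted="true" allows HTTP traffic'))
        for cert in cfg.findall("./trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append(("MEDIUM", f"{scope}: trusts user-added CAs, enabling TLS interception"))
        for pin_set in cfg.findall("pin-set"):
            pins = pin_set.findall("pin")
            if len(pins) < 2:
                findings.append(("LOW", f"{scope}: pin-set has {len(pins)} pin(s) and no backup pin"))
    return findings


def check_app_transport_security(plist_bytes):
    """Return (severity, message) findings for the ATS dictionary of an Info.plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append(("HIGH", "NSAllowsArbitraryLoads=true disables ATS for all connections"))
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        if exc.get("NSExceptionAllowsInsecureHTTPLoads") or exc.get("NSThirdPartyExceptionAllowsInsecureHTTPLoads"):
            findings.append(("HIGH", f"{domain}: insecure HTTP loads allowed"))
        tls = exc.get("NSExceptionMinimumTLSVersion")
        if tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(("MEDIUM", f"{domain}: minimum TLS version lowered to {tls}"))
    return findings


if __name__ == "__main__":
    for name, result in (("weak NSC", check_network_security_config(WEAK_NSC)),
                         ("hardened NSC", check_network_security_config(HARDENED_NSC)),
                         ("weak Info.plist", check_app_transport_security(WEAK_INFO_PLIST))):
        print(name, result or "no findings")
```

The hardened Android configuration produces no findings, while the weak one yields one finding per bad setting; the same pattern extends to the other transport rules by adding checks to the two functions rather than by parsing the files again.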