June 2019

  • Infra refactoring into a micro-service architecture.
  • Separation of user portal and public website to prepare moving to serverless.
  • Separation of backend and add an orchestration backend to prepare moving from Swarm to k8s.

May 2019

  • Refactoring of API adding support for GraphQL.
  • Migration of website, user portal and orchestrator to GraphQL.

April 2019

  • Extending vulnerability test bed.
  • Add support for template injection of 4 new Java template engines.
  • Add support for detection of Ruby code injection.
  • Add support for detection of Node.js code injection.

March 2019

  • Multiple bug fixes and performance enhancements.
  • Fix false positive detection of Template Injection.
  • Add support for detection of Python code injection.
  • Add support for detection of pickle deserialization injection.

February 2019

  • Multiple bug fixes and performance enhancements.
  • Enhance detection of XSS, adding support for multiple callback vectors.

January 2019

  • New alpha system to detect vulnerabilities in backends from previously collected ones.
  • Creation of a new vulnerability test bed.

December 2018

  • Add support for detection of stored XSS.
  • Complete rework of the scan authentication module. It works well and sends fewer requests.
  • Brand new subscription menu.
  • Bug cleaning season.

November 2018

  • Add support for multi-step submitting of Forms.
  • Enhancement to automatic detection of CSRF fields and auto-update of CSRF tokens.
  • Alpha version of Fingerprinting agents.

October 2018

  • Major enhancement to coverage of XSS contexts; long live polyglot payloads.

September 2018

  • Enhance CSRF handling for web scanning.
  • Add scan export and import feature for on-premise scanning support.
  • Implementation of ADB Proxy agent for on-premise scanning support.
  • Add collection of screenshots and logcat traffic during dynamic analysis.

September 2018

  • New security rules for Android Network Security Configuration.
  • Fix false positives in Cryptography rules using static taint.
  • Rework of all rules formatting.
  • Fix PDF generation and add support for code highlighting.
  • Add support for crawling known paths.
  • Add Artifact panel to store extracted source code, screenshots and traffic logs.
  • Add Xamarin source code decompilation.
  • Fix duplicate request testing by backend and XSS scanner.
  • Initial work on CSRF token detection and generation for POST request fuzzing.
  • Add support for inserting payloads in sub-paths.

August 2018

  • A month of extensive bug fixes across all core components.
  • Enhance testability of the scanning engine.
  • Enhance reporting features.

July 2018

  • Enhanced detection of template injection vulnerabilities.
  • New scanner for detecting XSS vulnerabilities.
  • Enhanced support for nested serialization formats.
  • Major rework of the scan scheduling engine for increased scalability.

June 2018

  • New backend scanning engine with beta support for SQL injection and XXE.
  • Adding beta support for crawling of HTML content.

May 2018

  • Bumping free scanner coverage limit from 100 to 300.
  • New detector for encrypted IPA.
  • Fix false positive in dynamic rules detecting weak encryption.

April 2018

  • Porting LLDB for iOS to work on Linux.
  • New backend scan engine.
  • New experimental crawler.

February 2018

  • Adding support for authenticated scans.
  • Final version of Java hook engine with stack trace support and full context inspection.
  • Major enhancement to the taint engine reducing false positives.
  • Multiple bug fixes affecting PDF generation and false positive declaration.
  • Adding feature to report false positives and remove them from the final report.
  • Multiple new dynamic rules to trace sensitive function calls.
  • New agent to detect sensitive material files, like private encryption keys.

January 2018

  • Surface static taint analysis coverage in the scan report.

December 2017

  • Unsafe Transport App Security settings in iOS apps are reported as vulnerabilities.
  • Performance enhancement for the support of large multidex files.
  • Bug fix in method xref for multidex files.
  • Enhance vulnerability de-duplication.
  • Multiple bug fixes for iOS scan rules.

November 2017

  • Advanced option to detect weak file permissions for both Android and iOS. (OWASP Mobile Top 10 - M2)
  • Advanced option to detect Personally Identifiable Information (PII) leakage for both Android and iOS. (OWASP Mobile Top 10 - M2)
  • Advanced option to detect clear-text traffic for both Android and iOS. (OWASP Mobile Top 10 - M3)
  • Advanced option to detect insecure TLS/SSL validation for both Android and iOS. (OWASP Mobile Top 10 - M3)
  • Advanced option to support iOS call to weak Cryptographic API. (OWASP Mobile Top 10 - M5)
  • Advanced option to support downloading a PDF report.

September 2017

  • Stabilizing unlimited scan feature with bug fixes.
  • Correction of false positives in Insecure Encryption Mode.
  • Correction of false positives in ASLR detection for iOS Apps.
  • Move to a clustered architecture to support increased scan load.
  • Final version to support dedicated unlimited scans.

August 2017

  • New feature to support dedicated scans.
  • Tweaks and updates to the user interface to support fast uploading.

July 2017

  • New backend system to support the increased load.
  • Major code refactoring of all agents to support the new backend system.
  • Multiple bug fixes.

June 2017

  • New static taint engine for Android Bytecode.
  • Multiple bug fixes and performance tweaks.