AppTrana

Overview Onboarding to AppTrana Comparison between Old Portal and New Portal SAML Integration with Entra ID for Single Sign-On - AppTrana WAF

Dashboard

AppTrana Dashboard

Applications & Groups

Protection Status Discover Assets DNS Management Manage Groups

API Security

API Protection API Scanning API Discovery

Manage Assets

Application Details Origin Server Address Origin Health Check Mechanism SSL Details

WAAP Policies

Behavioral DDoS Protection Attack Shield BOT Policies Customize Application Behavior with BOT Confidence Score WAF Status Malware Scanning for File Uploads Global Traffic Access Settings ASN Based IP Whitelisting Browser Protection Core and Custom Rules

Vulnerabilities

Manage Vulnerabilities SwyftComply for Auto Scan & Manual Pentest SwyftComply for API Scan Whitelist Vulnerabilities

Attacks

Bandwidth

FAQs on CDN Manage Bandwidth

Actions

Logs & Reports

Access Logs Attack Logs False Positive Analysis Report

License & Utilizatiion

Licenses & Utilization

Settings

Manage Profile Role-Based Access Control (RBAC)Enable SIEM Integration SIEM Integration through API Configure Custom Error & Maintenance Page CI/CD Integration AppTrana and Jira Integration

Profile

Password Management Manage Email Alerts

Others

WAF Automated Bypass and Unbypass

AI Shield

Indusface WAS

Onboard into Indusface WAS SAML Integration with Entra ID for Single Sign-On - Indusface WAS

Summary

Summary WAS Consulting License

Dashboard

Malware Monitoring

WAS Defacement Checks Malware Monitoring

Application Audit

Application Audit

Vulnerability Assessment

Vulnerability Assessment

API Security Audit

API Security Audit

Asset Monitoring

Asset Monitoring

EASM

External Attack Surface Management (EASM)

Reports

Vulnerabilities

Vulnerabilities Web App Secrets API AcuRisQ – Risk Management with Advanced Risk Scoring

Settings

Settings API Key Based - Scan Log Export SIEM Integration with Sumo Logic Jenkins Security Scan Automate Issue Reporting: JIRA & WAS Integration

Indusface WAS MSSP

Indusface WAS MSSP

Summary

Dashboard

Application Scan

Application Scan

API Security Audit

API Security Audit

Reports

Settings

Settings Website Users Groups Report Protection Email Notification Company Service Mapping

WAS MSSP Consultant

WAS MSSP Consultant

Administrators

WAS MSSP Consultant Admin

WAS MSSP Consultant Admin Consultancy Service Listing Manual Scan API Service List Vulnerability Add Vulnerability

Additional Resources

AppTrana Protection WAF Rules Coverage Indusface WAS Scanned Vulnerabilities AppTrana API Protection - OWASP Top 10 of 2019 API Scan Coverage for OWASP Top 10 OWASP API Security Top 10 2023 – AppTrana API Protection Input Form Field Values Used by Indusface WAS Scanner During Crawling

Zero-Day Vulnerability Reports

Zero-Day Reports

Vulnerabilities Identified in 2021

Vulnerability Report of January 2021 Vulnerability Report of February 2021 Vulnerability Report of March 2021 Vulnerability Report of April 2021 Vulnerability Report of May 2021 Vulnerability Report of June 2021 Vulnerability Report of July 2021 Vulnerability Report of August 2021 Vulnerability Report of September 2021 Vulnerability Report of October 2021 Vulnerability Report of November 2021 Vulnerability Report of December 2021

Vulnerabilities Identified in 2022

Vulnerability Report of January 2022 Vulnerability Report of February 2022 Vulnerability Report of March 2022 Vulnerability Report of April 2022 Vulnerability Report of May 2022 Vulnerability Report of June 2022 Vulnerability Report of July 2022 Vulnerability Report of August 2022 Vulnerability Report of September 2022 Vulnerability Report of October 2022 Vulnerability Report of November 2022 Vulnerability Report of December 2022

Vulnerabilities Identified in 2023

Vulnerability Report of January 2023 Vulnerability Report of February 2023 Vulnerability Report of March 2023 Vulnerability Report of April 2023 Vulnerability Report of May 2023 Vulnerability Report of June 2023 Vulnerability Report of July 2023 Vulnerability Report of August 2023 Vulnerability Report of September 2023 Vulnerability Report of October 2023 Vulnerability Report of November 2023 Vulnerability Report of December 2023

Vulnerabilities Identified in 2024

Vulnerability Report of January 2024 Vulnerability Report of February 2024 Vulnerability Report of March 2024 Vulnerability Report of April 2024 Vulnerability Report of May 2024 Vulnerability Report of June 2024 Vulnerability Report of July 2024 Vulnerability Report of August 2024 Vulnerability Report of September 2024 Vulnerability Report of October 2024 Vulnerability Report of November 2024 Vulnerability Report of December 2024

Vulnerabilities Identified in 2025

Vulnerability Report of January 2025 Vulnerability Report of February 2025 Vulnerability Report of March 2025 Vulnerability Report of April 2025 Vulnerability Report of May 2025 Vulnerability Report of June 2025 Vulnerability Report of July 2025 Vulnerability Report of August 2025 Vulnerability Report of September 2025 Vulnerability Report of October 2025 Vulnerability Report of November 2025 Vulnerability Report of December 2025

Vulnerabilities Identified in 2026

Vulnerability Report of January 2026 Vulnerability Report of February 2026 Vulnerability Report of March 2026 Vulnerability Report of April 2026

Security Bulletins

Latest Threats & AppTrana Coverage

Vulnerabilities 2024

Hotjar's OAuth+XSS Flaw Exposes Millions at Risk of Account Takeover Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)CVE-2024-4879 & CVE-2024-5217 Exposed - The Risks of RCE in ServiceNow ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)CVE-2024-4577 – A PHP CGI Argument Injection Vulnerability in Windows Servers CVE-2024-8517 – Unauthenticated Remote Code Execution in SPIP CVE-2024-1071 – Critical Vulnerability in Ultimate Member WordPress Plugin Cryptocurrency Mining Attack Exploiting PHP Vulnerabilities: An Emerging Threat

Vulnerabilities 2025

Credential Coercion Vulnerabilities in Ivanti Endpoint Manager CVE-2024-4577 - PHP-CGI RCE Exploitation in Windows Servers CVE-2025-24813 - Apache Tomcat Vulnerability Under Active Exploitation CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability SAP Zero-Day CVE-2025-31324: Unauthenticated RCE in NetWeaver VCFRAMEWORK CVE-2025-31650: Tomcat HTTP/2 Flaw Leads to DoS Exposure CVE-2025-4123: The Grafana Ghost Vulnerability that Enables Account Takeover CVE-2025-53770: SharePoint Zero-Day Under Active Exploitation CVE-2025-54253: Critical Zero-Day Vulnerability in Adobe Experience Manager Forms Cl0p Exploits Critical Oracle E-Business Suite Zero-Day (CVE-2025-61882)Multiple XSS Vulnerabilities in Liferay Portal & DXP: Analysis, Impact, and Prevention CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild SessionReaper (CVE-2025-54236): Impact, Detection, and Mitigation Django Vulnerabilities Expose Apps to SQL Injection and DoS Attacks CVE-2025-55752: Apache Tomcat Path Traversal Vulnerability CVE-CVE-2025-64446: Critical FortiWeb Path Traversal Vulnerability Under Active Exploitation CVE-2025-54057: Stored XSS Vulnerability in Apache SkyWalking Exposes Monitoring Dashboards to Attackers React2Shell(CVE-2025-55182): Critical RCE Vulnerability in React Server Components and Next.js CVE-2025-66516: Critical XXE Vulnerability Exposes Apache Tika Deployments CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager CVE-2025-66675: Apache Struts DoS Vulnerability Leads to Disk Exhaustion React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks Apache Commons Text Code Injection Vulnerability (CVE-2025-46295)CVE-2025-68613: Critical n8n RCE Vulnerability Enables Full Server Compromise Critical Node.js Vulnerabilities Expose Uninitialized Memory (CVE-2025-55131)CVE-2025-3248: Critical Langflow Unauthenticated Remote Code Execution Vulnerability

Vulnerabilities 2026

CVE-2026-21858 (Ni8mare): Unauthenticated Remote Code Execution in Self-Hosted n8n CVE-2026-22610: Angular Template Compiler XSS Vulnerability Enabling Client-Side Script Execution CVE-2025-11953 – Metro4Shell RCE in React Native Metro Server CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover CVE-2026-27739: Angular SSR Request Vulnerability CVE-2026-32201: SharePoint Spoofing Vulnerability Enabling Unauthenticated Impersonation CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability CVE-2026-23918: Apache HTTP/2 Double-Free Vulnerability with Possible RCE Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama

Other Vulnerabilities

Apache Struts 2 Vulnerability CVE-2023-50164 Exposed CVE-2024-8190 – OS Command Injection in Ivanti CSA CVE-2024-9264 - Grafana’s SQL Expressions Vulnerability HTTP/2 Rapid Reset Attack Vulnerability Oracle WebLogic Server Deserialization Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776) Unpacking the Zimbra Cross-Site Scripting Vulnerability(CVE-2023-37580)Adobe ColdFusion Vulnerabilities Exploited in the Wild Remote Unauthenticated API Access Vulnerabilities in Ivanti Multiple Moveit Transfer Vulnerabilities Apache log4j RCE vulnerability

AppTrana API Integration

AppTrana API Access via Token-Based Authentication API Request to Purge CDN Data Update Origin Server Address through API Call API Request to Blacklist IPs

Release Notes

Indusface WAS

Indusface WAS 1.1.0

API Scan Coverage for OWASP Top 10

Go through the following report for API Scan Coverage for OWASP Top 10 - 2023.

API Scan Coverage for OWASP Top 10.pdf

Was this helpful?

Powered by Product Fruits