Indusface Product Newsletter - April 2021

Indusface has released new features and changes this quarter. These changes are informative and appealing.

Date: 08/04/2021

-----------------------------------------------------------------------------------------------------

AppTrana Updates

Export the data into CSV format

AppTrana customers can now export data in CSV format and conduct offline analysis. The Download CSV option helps customers analyze data for a specific time slice using the available filters, download it, and pass it to an internal team for further analysis.

AppTrana allows customers to set the period and export the selected data into a CSV file. This feature is available for Action details, Attack Logs, Access Logs, and Vulnerabilities.

Attack Payload Parameters - PHP Session ID

Attack Payload Data is enhanced with the PHP Session ID variable. The PHP Session ID variable helps to identify, by checking the logs, the exact requests that cause the attacks.

Attack details with Geo, IP, and BOT categories

Attack details are categorized as Geo, IP, BOT categories, and other attacks. The blocked attacks count is represented in a pie chart, which displays attacks blocked by GEO blocking and IP blocking separately.

Grouping Websites

The Groups feature simplifies the work process for customers with multiple websites. Websites typically have multiple characteristics and properties. The Groups feature helps to club together the websites that have the same properties and characteristics.

  • Customers can check the progress of vulnerabilities found, bandwidth details, and attack details of their sites within the group. 

How to Create a New Group?

Customers can create a group in two ways.

1. Customers can create a new group through the Overview tab.

2. Customers can create a new group through the Manage tab.

Add Websites to the Group

In which section will Group data be available?

Group level data will be available in the ‘Overview’ Tab. 

Access to the group 

While adding a user to the account, an admin can set access to a specific group for the user, and the user will get access to all the sites associated with that group.

WAS Updates

Email Alerts

Users can enable/disable email alerts that they want to receive. Below are some of the alerts that users can control. 

Scan Result Notification 

Users can enable/disable scan result emails. Scan Result emails are a great way to get quick snapshots when the scan is completed. 

Reminders on Scan Usage 

Scan reminder emails are sent to customers if the site auto-scan has not been done for the last 30 days and manual pen-testing has not been done for the last 90 days.

Product Newsletter

Product Newsletter is a great way to get the latest information about new features, signatures, and plugins released by Indusface.

URI Sitemap 

Application Audit scans have an additional report, the URI Sitemap. The URI Sitemap shows a list of all the URIs that the scanner has scanned. It is available in the Application Audit tab.

Version Upgrade 

Our Web Application Scanner is updated periodically to support the latest version of the application framework for which the scan is being performed. Our Scanner has been upgraded to support:

  1. Electron version - 11.3.0 
  2. Node Version - 12.18.3 

This will enable better detection as the ability of both the crawler and scanner is improved.

Executive Report 

WAS Customers can download the Executive Report from the Summary page. Executive Report contains a summary of the WAS account for executives to understand security posture very quickly.   

The report contains five sections:

  1. Usage Report
  2. Action Center
  3. Application Audit
  4. Malware Monitoring
  5. Vulnerability Assessment

Sig Dev Labs

The following signatures have been added to the Scanner to identify new vulnerabilities.

Web Cache Poisoning Attack  

Web Cache Poisoning is an attack against the integrity of the web cache repository. Users of the web cache repository will consume spoofed content instead of genuine content. It can be combined with injection attacks such as XSS, which leads to sensitive data exposure, cookie stealing, and session hijacking.

Oracle WebLogic Server URI Attack  

The CVE-2020-14882 and CVE-2020-14883 vulnerabilities allow an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.

Microsoft Exchange Server RCE

Microsoft Exchange Server RCE is an SSRF flaw against Exchange Server, exploited as part of the initial attack chain leading to various post-authentication vulnerabilities. A successful exploit can lead to RCE, expose sensitive information, send spam campaigns, exfiltrate data and compromise the internal network. This plugin provides coverage for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.

WAF Rule Updates

The following rules have been added to the WAF to improve protection coverage.

HTTP Request Smuggling Attack 

HTTP Request Smuggling attacks that use multiple Content-Length HTTP headers are identified and blocked. This helps to protect the application from malicious requests that pose as regular HTTP requests and gain access to crucial resources.
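The check described above, sketched as an added example (this is not Indusface's WAF rule; the function names and sample requests are constructed for illustration). It goes slightly beyond the text by also treating a comma-separated list inside a single Content-Length header, and non-numeric values, as ambiguous framing, in line with the HTTP/1.1 message-framing rules in RFC 7230.

```python
# Added example: flag requests whose body framing is ambiguous because of
# repeated, conflicting or malformed Content-Length headers.

def content_length_values(raw_request: bytes) -> list:
    """Return every Content-Length value found in the request header block."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            # One header line may itself carry a comma-separated list.
            values += [v.strip().decode("latin-1") for v in value.split(b",")]
    return values


def verdict(raw_request: bytes) -> str:
    """Decide whether the request should pass, based on Content-Length only."""
    values = content_length_values(raw_request)
    if any(not (v.isascii() and v.isdigit()) for v in values):
        return "block: invalid Content-Length"
    if len({int(v) for v in values}) > 1:
        return "block: conflicting Content-Length values"
    if len(values) > 1:
        return "block: duplicate Content-Length header"
    return "allow"


# Constructed sample requests (host and path are placeholders).
PREFIX = b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
BODY = b"\r\nuser=test"
NORMAL = PREFIX + b"Content-Length: 9\r\n" + BODY
CONFLICT = PREFIX + b"Content-Length: 9\r\nContent-Length: 0\r\n" + BODY
DUPLICATE = PREFIX + b"Content-Length: 9\r\ncontent-length: 9\r\n" + BODY
LISTED = PREFIX + b"Content-Length: 9, 0\r\n" + BODY
MALFORMED = PREFIX + b"Content-Length: +9\r\n" + BODY

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("conflict", CONFLICT),
                       ("duplicate", DUPLICATE), ("listed", LISTED),
                       ("malformed", MALFORMED)]:
        print(f"{label:10s} {verdict(req)}")
```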

Microsoft Exchange Server Remote Code Execution 

A remote code execution vulnerability (CVE-2021-26855) in Microsoft Exchange Server can be exploited by sending arbitrary HTTP requests with configured headers. AppTrana now protects applications with this vulnerability from being exploited.
