GraphQL Managed Action
- Introduced a new managed action for testing GraphQL APIs for vulnerabilities and misconfigurations.
Auth Providers for Actions
Auth providers make it possible to do authenticated DAST.
- Added support for multiple authentication types, including JWT Bearer (RS, HS, ES, PS), Bearer Tokens, and API Keys.
- Configure JWT algorithms, payloads, token expiration, and request header prefixes.
- Specify custom header names and values for API key-based authentication.
Actions Run History
- Introduced an action run history feature, allowing you to review request and response bodies, view the number of findings generated, and view any error messages.
OpenAPI Specification
Enhanced Log Sanitization
- Improved sanitization for logs.
- Reduced false positives on auth secret matches.
AWS Application Load Balancer Findings
New findings for AWS Application Load Balancers (ALB):
- AWS ALB has insecure desync mitigation mode
- AWS ALB listeners should be configured with a strong security policy
- AWS ALB has a WAF that is set to fail open
- AWS ALB missing deletion protection
- AWS ALB not configured to drop invalid HTTP headers
- AWS ALB should redirect HTTP to HTTPS
- AWS ALB logging is not enabled
- AWS ALB is missing WAF
- AWS ALB listeners should use HTTPS or TLS termination
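The checks behind these findings, as an added example (not FireTail's code) that evaluates one ALB against the list above. It assumes inputs shaped like the ELBv2 DescribeLoadBalancerAttributes and DescribeListeners responses, treats `monitor` as the insecure desync mode, and uses an assumed allowlist of TLS 1.2+ security policy prefixes; the sample ALB at the bottom is constructed.

```python
# Assumed allowlist: listener security policies that negotiate only TLS 1.2+.
STRONG_POLICY_PREFIXES = ("ELBSecurityPolicy-TLS13-", "ELBSecurityPolicy-TLS-1-2",
                          "ELBSecurityPolicy-FS-1-2")

def audit_alb(attributes, listeners, waf_associated):
    """Return sorted finding titles for one ALB (attribute/listener shapes follow ELBv2)."""
    a = {item["Key"]: item["Value"] for item in attributes}
    found = set()
    # "monitor" only observes HTTP desync attempts; "defensive"/"strictest" block them.
    if a.get("routing.http.desync_mitigation_mode", "defensive") == "monitor":
        found.add("AWS ALB has insecure desync mitigation mode")
    if a.get("routing.http.drop_invalid_header_fields.enabled") != "true":
        found.add("AWS ALB not configured to drop invalid HTTP headers")
    if a.get("deletion_protection.enabled") != "true":
        found.add("AWS ALB missing deletion protection")
    if a.get("access_logs.s3.enabled") != "true":
        found.add("AWS ALB logging is not enabled")
    if not waf_associated:
        found.add("AWS ALB is missing WAF")
    elif a.get("waf.fail_open.enabled") == "true":
        found.add("AWS ALB has a WAF that is set to fail open")
    if not any(l["Protocol"] == "HTTPS" for l in listeners):
        found.add("AWS ALB listeners should use HTTPS or TLS termination")
    for l in listeners:
        if l["Protocol"] == "HTTP":
            # Plain HTTP is acceptable only when the default action redirects to HTTPS.
            redirects = any(act.get("Type") == "redirect"
                            and act.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                            for act in l.get("DefaultActions", []))
            if not redirects:
                found.add("AWS ALB should redirect HTTP to HTTPS")
        elif l["Protocol"] == "HTTPS" and not l.get("SslPolicy", "").startswith(STRONG_POLICY_PREFIXES):
            found.add("AWS ALB listeners should be configured with a strong security policy")
    return sorted(found)

# Constructed sample: WAF fails open, no deletion protection, TLS 1.0-capable policy, HTTP forwards.
SAMPLE_ATTRIBUTES = [
    {"Key": "routing.http.desync_mitigation_mode", "Value": "defensive"},
    {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"},
    {"Key": "deletion_protection.enabled", "Value": "false"},
    {"Key": "access_logs.s3.enabled", "Value": "true"},
    {"Key": "waf.fail_open.enabled", "Value": "true"},
]
SAMPLE_LISTENERS = [
    {"Protocol": "HTTP", "Port": 80, "DefaultActions": [{"Type": "forward"}]},
    {"Protocol": "HTTPS", "Port": 443, "SslPolicy": "ELBSecurityPolicy-2016-08",
     "DefaultActions": [{"Type": "forward"}]},
]
if __name__ == "__main__":
    print("\n".join(audit_alb(SAMPLE_ATTRIBUTES, SAMPLE_LISTENERS, waf_associated=True)))
```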
Filters Module on Findings and APIs
- New filters module added:
  - Sort order:
    - Sort findings by when created and severity.
    - Sort APIs by when created and risk.
  - Save/Load Filters: Added the ability to save and load filters for APIs.
Bug Fixes
- General bug fixes and improvements made throughout the FireTail platform.