WASP Release Notes
Release Notes

(03.04.2024)

Overview

We are pleased to announce the latest release of WASP, packed with new functions, substantial enhancements to existing features, and security updates.

With an emphasis on seamless integration, web asset enrichment, and bug resolution, this update aims to provide a secure, streamlined user experience and augment your team’s efficiency.

Explore this improved iteration of WASP, meticulously designed to meet your professional needs.

WASP Release Notes
- January 2025

VERSION January 2025

Credential Leakage Scanner Upgrade

We’ve upgraded our Credentials Leakage Scanner to provide even deeper insights and more streamlined breach remediation.

Here’s what’s new:

  • Advanced Credential Detection: Enhanced capabilities to identify leaked credentials in near-realtime, ensuring faster and more accurate detection.
  • Malware Deep Dive: Detailed insights into malware linked to leaks, helping you understand the root cause with greater precision.
  • Infected Machine Insights: Pinpoint affected machines to take targeted and effective action quickly.
Credential leakage

New IP Address Asset Type

We’ve added a new IP Address asset type to the WASP ASM platform to improve asset management and scanning capabilities. 🚀

Here’s what’s new:

Add IP Addresses: You can now add IP addresses as distinct assets for streamlined management.

Scan IP Addresses: Leverage our powerful scanning capabilities to identify vulnerabilities and risks associated with your IP assets.

Filter and Manage with Ease: Enhanced filtering in the assets table allows you to view, organize, and manage IP addresses separately, providing better clarity and control over your asset inventory.

To get started, just go to the Assets page and click on the “Add Asset” button at the top right corner.

New Capability - Automatic ASM Retest

Introducing Automatic Retest, an enhancement to our ASM scanning engine.

As part of our daily vulnerability scans, WASP now automatically detects when a previously identified vulnerability is no longer present and marks it as fixed.

This reduces manual effort and ensures:

✅ Accurate, real-time vulnerability status updates.
🛠️ Streamlined remediation tracking without additional overhead.
⚡Improved efficiency for your security operations.

Let the WASP do the heavy lifting, so you can focus on securing what matters most. 🚀

ASM scanner

New Asset Visualization

We’ve added a powerful new tool to visualize and manage your attack surface:

1️⃣ Focus on High-Priority Risks: Group assets by Risk or Priority to address the most critical vulnerabilities and high-value assets first.

2️⃣ Identify Impactful Vulnerabilities: Spot vulnerabilities that affect multiple assets at a glance, making it easier to prioritize fixes that will have the biggest impact.

3️⃣ Align Teams and Products: Visualize you assets by Product to identify and address risks for specific business units.

4️⃣ Streamline Tech Management: Group assets by Technologies to quickly identify outdated or vulnerable components across your stack, plan upgrades, or focus on standardizing technologies across your organization.

To get to the Assets Graph, just go to the Assets page and click on the switch on the top right side of the page.

Asset visualization

New Security Benchmark

We’re excited to launch Security Benchmark, a powerful new feature designed to give you valuable insights into your security posture.

What does it do?
The Security Benchmark enables you to:

  • Compare Your Security Metrics: See how your organization’s security status stacks up against the industry average.
  • Identify Improvement Opportunities: Pinpoint key areas where you can enhance your security to stay ahead of industry standards.
  • Track Progress: Monitor your metrics over time to ensure continuous improvement.

This feature empowers you to make data-driven decisions and confidently communicate your security performance to stakeholders.

Where to find it?
Navigate to the Insights to access your personalized Security Benchmark insights.

Security Benchmark

Report Generator Update

We’ve made some major improvements to our Report Generator, designed to make reporting faster, more versatile, and tailored to your needs!

Here’s what’s new:

Multi-Project Reports: Generate comprehensive reports across multiple projects effortlessly.

Findings Filtering by Product: Narrow down your reports to focus on findings relevant to specific products / business units.

ASM Report: Dive into a dedicated Attack Surface Management (ASM) report for a detailed view of your organization’s exposure.

Timeframe-Based Project Filters: Filter projects within specific timeframes to create reports that match your analysis period.

Reports Generator

WASP Release Notes
- October 2024

VERSION October 2024

Introducing WASP AI

We are excited to announce WASP AI, your new interactive assistant for security management.

Key Features

  • Chat for Instant Insights: Ask WASP AI directly about your security posture and get real-time answers.
  • Converse with Findings: Engage in a conversation to explore detailed insights about your security findings.
  • Converse with Assets: Chat with WASP AI to understand your asset-related insights.

WASP AI delivers instant value by providing quick insights, saving you time and helping you make faster, more informed decisions.

 

 

 

Bulk Asset Deletion & Comment Management

We’ve added two powerful new features to streamline your workflow:

  • Bulk Delete Assets: Now you can easily delete multiple assets in one go, saving you time and effort.
  • Comment Management: You can now edit and delete comments on both assets and findings, giving you more control over your conversations.

These updates make managing your security environment even more efficient! 🎯

 

 

Scanning Audit Logs

We’ve introduced the ASM Scanning Audit Logs feature to offer clearer insights that reflect the history of changes in your WASP scans. This update enhances your ability to track scanning activities effectively.

From now on, you’ll be able to see:

  • Global scan logs: Reflect all WASP scanning activities across your organization.
  • Asset activity logs: See all scanning activity for a specific asset.

 

 

Javascript scanner

We’ve released the Vulnerable JS Packages Scanner, which identifies and reports JavaScript packages with known security vulnerabilities. This tool helps developers and CISOs ensure their applications are secure by detecting potential risks in third-party libraries and dependencies, addressing critical supply chain security concerns.

WASP Release Notes
- September 2024

VERSION September 2024

Introducing Full Automation Freedom With 3rd Party App Integrations

We’re thrilled to introduce WASP’s advanced automation workflows, featuring extensive third-party app integrations, providing you with complete freedom in automation and orchestration. With our new automation module, you can now define integrations with third parties and automate workflows without writing a single line of code, all within minutes. We invite you to reach out to your account manager or customer success for an introduction and initial guidance.

ASM Updates widget

We’re excited to introduce the new ASM Updates widget on the WASP dashboard!

This feature provides a real-time overview of the status and coverage of your automated scanning, along with a detailed timeline of the latest detected findings and assets.

Stay informed and up-to-date with ease, ensuring your environment remains secure and resilient against threats.

asm updates

Bulk assets upload

We are pleased to introduce the Bulk Asset Upload feature, designed to streamline the process of adding multiple assets such as domains and IP addresses to your asset inventory. This feature saves you time by allowing you to add large volumes of assets in one go, reducing the effort required for manual entry.

Self mananged Multi-Tenant PT Management and Findings Upload

This update introduces powerful tools for customers who want to manage their own Penetration Testing projects internally and provides enhanced support for managing multiple business units.

Custom Findings Upload

  • Customers can now write and upload their own security findings directly into the WASP system.
  • Just go to the Findings page and click on the “Create Finding” button on the top right side.

Project Creation and Management

  • Users can create, organize, and manage their own Penetration Testing projects within WASP.
  • Each project can be customized with specific details, including scope, timelines, and assigned personnel.
  • You can generate comprehensive reports that combine manually uploaded findings.
  • To begin using this feature, simply log into your WASP account and navigate to the ‘Projects’ page, click on the “Create project” on the top right side.

Multi Business Unit Management

  • Manage multiple business units within the WASP platform.
  • Provides flexibility to manage and view statistics, risks, and other relevant data across different organizational units.
  • Assign users to one or multiple business units.

Assets notes

With this new feature, you can now add notes/comments directly on your assets!

This enhancement will allow for better collaboration and tracking of important details associated with assets, making it easier for everyone to stay on the same page. Whether it’s sharing insights, leaving reminders, or discussing next steps.

WASP Release Notes
- June 2024

VERSION June 2024

New Notifications Feature

The deprecated “Latest Analysis” feature is replaced with a new notification widget. Accessible by clicking the bell icon, this feature shows changes in ticket statuses and every new detection/change in WASP, ensuring you stay up-to-date with all relevant information.

New notifications

Dark Mode

We have recently published Dark Mode for WASP, enhancing accessibility and providing an option for those who prefer a darker interface. Enjoy a more comfortable viewing experience with our new Dark Mode.

Custom User-Agent String for WASP’s Security Scanners

Users can now choose the user-agent string for their scanners in order to streamline the whitelisting process of WASP scanners.. This feature makes the whitelisting process more agile and customizable to meet your specific needs.

Mobile Version

We have launched a mobile version of WASP, enabling you to manage and monitor your security operations on the go. Access all key features and stay connected with your security landscape anytime, anywhere.

Onboarding Wizard

Designed to serve new customers, this guided wizard is also available for existing customers to complete their onboarding process. The onboarding wizard helps you get fully onboarded within minutes, ensuring a seamless start with WASP.

AWS Certified Partner

WASP is now an AWS Certified Partner and is available on the AWS Marketplace. This partnership allows us to offer our advanced security solutions to a broader audience, leveraging the power and reach of AWS.

WASP Release Notes
- January 2024

VERSION January 2024

New Integrations

We’ve expanded WASP’s capabilities with three new integrations: AWS, Cloudflare, and Okta. While the AWS and CloudFlare integrations enhance your ability to map and understand your organization’s attack surface more deeply and accurately, the Okta integration simplifies user connectivity and management.

For the full Okta integration tutorial, press here.

PT Scheduler (Beta)

Introducing our new Penetration Test Scheduler. This self-service tool allows users to easily schedule penetration tests. The intuitive wizard simplifies the process of gathering scope data and other necessary information for planning and executing penetration tests.

Interactive Page Tours

Enhance your understanding of WASP with our new semi-interactive page tours. Simply click the ‘Tour’ button on any page to receive detailed explanations about the widgets and key features specific to that page.

Bulk Findings Export to PDF

For streamlined reporting and analysis, we’ve added the capability to export a bulk of findings directly to PDF format, making it easier to share and review your security data.

Rich Text Comments in Findings

Our findings feature now supports rich text comments, enabling you to include images, links, and other rich media in your annotations for more comprehensive documentation.

Advanced Filtering for Findings

We’ve introduced new filtering options for findings, allowing you to sort and manage them by criteria such as CWE, CVSS score, Assignee and SLA expiration date. This enhanced functionality provides a more targeted approach to managing your security findings.

WASP Release Notes
- October 2023

VERSION October 2023

Support chatbot

We have integrated a chatbot into the WASP platform to assist with common enquiries. This tool is designed to provide immediate answers to frequently asked questions about WASP’s functionalities. If the chatbot does not suitably address your query, our support team remains available for further assistance.

New ASM scanners - XSS dynamic scanner

We have incorporated a new automated scanner into the ASM specifically designed to detect Cross-Site Scripting (XSS) vulnerabilities. This enhancement aims to bolster the security measures of our platform by identifying potential XSS threats. This feature can be easily toggled on or off through the scanner settings section for users who wish to customize their scanning preferences.

This addition underscores our commitment to providing robust security tools tailored to our users’ needs.

Risk score widget refinement

The risk score feature has been updated for clarity. This enhancement offers a more comprehensive view of the factors that go to make up the risk score, allowing users to better understand the determinants of their risk assessments.

Risk score widget refinement

Full Automated Report Generator

1. Fully Automated Reports Generator

  • Introducing our new feature that allows users to generate reports with zero manual intervention. Just set your parameters, and let the system do the rest!

2. Enhanced Report Types:

  • Catering to diverse needs, we now support four distinct types of reports. Choose the one that fits your requirements:
    • Full Report: A comprehensive report detailing all aspects of the analysis.
    • Executive Report: A high-level summary tailored for executive audiences, focusing on key findings without going into technical details.
    • Retest Report: A report that focuses on areas that underwent retesting and highlighting the vulnerabilities identified and their resolution status.
    • Attestation Letter: A formal document attesting to the accuracy and completeness of the data presented, designed for sharing with third party stakeholders.

Export findings to CSV

To make it more convenient for users to access and utilize review findings even when offline, we have implemented a new feature on the Analysis page. We have added an export findings button, which allows users to easily export the filtered findings that are currently being displayed on the screen to a CSV file. This enhancement provides users with the flexibility to save and share the review findings in a format that is widely supported and easily accessible for further analysis and collaboration purposes.

Indication of first seen and last seen dates from Assets

The Assets page has been enhanced to provide users with a more comprehensive data set. In addition to displaying the date an asset was first seen and last seen, the page now also includes additional information such as the asset’s source, category, and status. This expanded data set allows users to gain deeper insights into the lifecycle of each asset and make more informed decisions based on the available information.

Enhancements to Latest Analysis badges

The Latest Analysis section on the main dashboard has been enhanced for improved user experience. It now precisely indicates the reason a finding has been queued in the latest analysis by displaying a relevant badge, providing users with more clarity on the analysis process.

Enhancements to Latest Analysis badges

Introduction of history log in Finding Details

Users can now view a chronological history of actions on the findings’ entity page. This feature allows for better tracking and understanding of the actions performed on each finding.

Addition of New Assets in Assets Page

Customers have the capability to add new assets. Navigate to the assets page, click on ‘Add New Asset’, enter the necessary information, and select ‘Add Asset’. This feature provides users with more control and flexibility in managing their assets.

Asset deletion

WASP now provides the option for users to delete assets themselves. To do this, go to the asset entity page and select Edit -> Delete.

Project-based access control

Project-based access control is a system that allows organizations to manage and control access to resources based on projects. This approach enhances security, streamlines workflows, and protects sensitive information so that only those users who require access to a project, have access.

As always, we welcome your feedback and requests. If you have any questions or comments, please don’t hesitate to contact us at contactus@op-c.net.

Thank you for choosing WASP.
The WASP Team