WASP Release Notes
- October 2023
VERSION October 2023
Support chatbot
We have integrated a chatbot into the WASP platform to assist with common enquiries. This tool is designed to provide immediate answers to frequently asked questions about WASP’s functionalities. If the chatbot does not suitably address your query, our support team remains available for further assistance.
New ASM scanners - XSS dynamic scanner
We have incorporated a new automated scanner into the ASM specifically designed to detect Cross-Site Scripting (XSS) vulnerabilities. This enhancement aims to bolster the security measures of our platform by identifying potential XSS threats. This feature can be easily toggled on or off through the scanner settings section for users who wish to customize their scanning preferences.
This addition underscores our commitment to providing robust security tools tailored to our users’ needs.
Risk score widget refinement
The risk score feature has been updated for clarity. This enhancement offers a more comprehensive view of the factors that go to make up the risk score, allowing users to better understand the determinants of their risk assessments.
Full Automated Report Generator
1. Fully Automated Reports Generator
- Introducing our new feature that allows users to generate reports with zero manual intervention. Just set your parameters, and let the system do the rest!
2. Enhanced Report Types:
- Catering to diverse needs, we now support four distinct types of reports. Choose the one that fits your requirements:
- Full Report: A comprehensive report detailing all aspects of the analysis.
- Executive Report: A high-level summary tailored for executive audiences, focusing on key findings without going into technical details.
- Retest Report: A report that focuses on areas that underwent retesting and highlighting the vulnerabilities identified and their resolution status.
- Attestation Letter: A formal document attesting to the accuracy and completeness of the data presented, designed for sharing with third party stakeholders.
Export findings to CSV
To make it more convenient for users to access and utilize review findings even when offline, we have implemented a new feature on the Analysis page. We have added an export findings button, which allows users to easily export the filtered findings that are currently being displayed on the screen to a CSV file. This enhancement provides users with the flexibility to save and share the review findings in a format that is widely supported and easily accessible for further analysis and collaboration purposes.
Indication of first seen and last seen dates from Assets
The Assets page has been enhanced to provide users with a more comprehensive data set. In addition to displaying the date an asset was first seen and last seen, the page now also includes additional information such as the asset’s source, category, and status. This expanded data set allows users to gain deeper insights into the lifecycle of each asset and make more informed decisions based on the available information.
Enhancements to Latest Analysis badges
The Latest Analysis section on the main dashboard has been enhanced for improved user experience. It now precisely indicates the reason a finding has been queued in the latest analysis by displaying a relevant badge, providing users with more clarity on the analysis process.
Introduction of history log in Finding Details
Users can now view a chronological history of actions on the findings’ entity page. This feature allows for better tracking and understanding of the actions performed on each finding.
Addition of New Assets in Assets Page
Customers have the capability to add new assets. Navigate to the assets page, click on ‘Add New Asset’, enter the necessary information, and select ‘Add Asset’. This feature provides users with more control and flexibility in managing their assets.
Asset deletion
WASP now provides the option for users to delete assets themselves. To do this, go to the asset entity page and select Edit -> Delete.
Project-based access control
Project-based access control is a system that allows organizations to manage and control access to resources based on projects. This approach enhances security, streamlines workflows, and protects sensitive information so that only those users who require access to a project, have access.