Product Update: GoScript & Scan Hub Firmware

Our GoScript service has been receiving some additional love recently, with updates to provide details on authentication analysis.

This new module helps check that authentication will hold throughout a web application scan. It drives a browser through the authentication steps, then analyses the authentication method and tests how the session is maintained, as well as any limitations on the session.

For example, we may discover that a session is cookie-based and has no limit on the number of active connections. Alternatively, we may discover that the session is JWT-based with a limitation of 2 threads on requests.

Another crucial part of auth analysis is making sure we can log out and re-authenticate into a session. This is crucial for in-application and API scanning, where we need to know that we can reset a session and get back in to carry on discovery and attacks.

We have also introduced a module to automatically generate GoScripts for authentication when seeded with a login URL and credentials. This helps streamline the process of creating an authentication script, which can then be subjected to auth analysis as described above.

 

Benefits this feature provides:

  • Enhanced insights into authentication.
  • Streamlined processes through automated generation of GoScripts for authentication.

 


 

Our internal hub firmware has been updated to 1.0.18. This has introduced a few quality-of-life updates, including support tools to help diagnose environmental issues such as connectivity problems, WAF or content filter interception, and firewall rules.

Here are some key features and updates to be aware of:

  • Scan hubs can now run automatic updates post reboot (assuming there are no connectivity issues).
  • Update tools have now been converted to a service that can also be run client-side to force a firmware update, with rollback support to previous versions.
  • Small improvements have been made to the ISO installer to ensure correct resources are available on the target machine.

 

Looking to the future, we’ll be introducing additional new features to the firmware to allow more customer control over the update process and configuration.

 


Additional Information

As always, if you require any more information on this topic or want to see what unexpected vulnerabilities AppCheck can pick up in your website and applications then please contact us: info@appcheck-ng.com

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
