Below is a short summary of recent work on the product and an insight into the development of AppCheck. As always, if you have any questions around specific areas then please feel free to contact your account manager or email us: info@appcheck-ng.com

Last week there was a lot of work taking place around updating how our UAT environment works and changing our Jenkins build pipeline and Salt to automatically promote our production branches to UAT.

Operations have been moving further forward with updating our monitoring to a newer Grafana and Prometheus based stack. We are currently evaluating on a number of hosts across our estate looking at monitoring custom metrics gathered from scans.

The internal hub interfaces have been switched to Django from Flask as the framework has a more ‘batteries included’ approach. This will provide a better foundation for additional features we want to expose over the course of the year.

Self-service scope validation service has been promoted to master and is scheduled for UAT and release in the next couple of weeks.

New Features

• PDF reporting can now be enabled on a customer by customer basis for none resellers
• Report groups now support switching between latest scan result sets and all detections for scans found in that group
• Vulnerability management workflow now has vulnerability suppression management, so when setting a status of “Acceptable Risk” or “False Positive” a time period can be set for when AppCheck will flag this again in the future
• API added controls to query a list of available hubs to start a scan on. A scan hub can now be specified when starting a scan

Bugs Fixed

• The period of time that it takes the scans manager to decide a scan hub is unavailable has been increased if an increase in service traffic has been detected
• Managed Service – manually edited vulnerabilities and manually confirmed vulnerabilities will no longer have their details edited upon re-detection
• In the event of prolonged communication loss with an internal scan hub, we now write detections to disk and then re-transmit upon re-connection or upon service restart
• Reseller branded PDF reporting – changes to the formatting, rendering improvements, added additional details to the table of contents
• CSRF token in GoScript editor has been fixed so it can no longer be bypassed
• GoScript and vulnerability quick popup windows will now read the links and automatically load
• API large vulnerability download issue has been re-written to be faster and a bug where it can time out has been resolved
• GoScript workflows now merge with the main scan attack surface
• Resolved an issue with the DNS container not updating host entries correctly

Make sure to bookmark the blog or to keep up to date follow us on LinkedIn where we will be posting about our events, news and product updates.