Hello all,
There is a new release of Codename SCNR, v1.7.0, and it includes some really spectacular updates.
Let's dive in.
The Introspector
The Introspector is middleware that you add to your web application in order to provide extensive context for identified issues:
- Execution flow
  - Which parts of the web application code were executed.
    - File paths
    - Source code
    - Methods/functions
- Data flow
  - Which parts of the web application the audit payloads traversed through.
    - File paths
    - Source code
    - Methods/functions
      - Arguments at the time.
      - Source code for those methods.
- Backtrace.
Hunting down issues just became easier than ever.
In addition, armed with this knowledge, there's very little that can't be automated.
Currently, the Introspector is only available for Ruby (Rack-based) web applications.
OpenAI integration
By feeding all available context to OpenAI, a whole world of possibilities opens up.
- All data come to life and become specialised to the issue at hand.
- Dissection of the issue is done for you.
- Very useful insights are provided.
- Code fixes and patches, along with detailed explanations and instructions, are automatically generated for you.
- Exploitation instructions are automatically generated for you.
- Issue remediation both in text and in code.
- Reporting.
A Tier2 plan or above is preferable in order to avoid rate-limiting errors.
In conclusion
This is just the beginning with this new technology.
We're exploring features and services and working on getting more languages supported by the Introspector.
Cheers and have a happy new year!
- Tasos L.