News — codename scnr

Hello all!   I wanted to let you know that Codename SCNR v1.7.2 is out and includes several bug fixes and optimizations.   More importantly, however, Introspector support has been added for .NET and Java; now covering .NET, Java and Ruby web applications, with more to come. The instrumentation allows the capture of: Server-side code execution. Server-side data flow (-- not for Java unfortunately). Client-side code execution. Client-side data flow. This in turn allows for immense context to be attached to each identified vulnerability, thus making narrowing down bugs easier than ever.   In addition, with AI and this much...

Hello all, There is a new release of Codename SCNR, v1.7.0, and it includes some really spectacular updates. Let's dive in. The Introspector The Introspector is middleware that you use in your web application in order to provide immense context to identified issues: Execution flow Which parts of the web application code were executed. File paths Source code Methods/functions Data flow Which parts of the web application the audit payloads traversed through. File paths Source code Methods functions Arguments at the time. Source code for those methods. Backtrace. Hunting down issues just became easier than ever. In addition, armed with...

Hello all,   I wanted to take a moment to inform you of the new official release format. From now on, it is recommended to use the official Docker Compose based releases, so as to enjoy a well-tested and stable environment for Codename SCNR and Codename RKN.   For more information regarding the installation process for each product please consult: Codename SCNR Codename RKN   These containers provide a homogeneous environment that runs smoothly on Mac OSX (Intel and Apple Silicon), Linux and MS Windows, allowing you enjoy our products on pretty much any platform supported by Docker.   After...

Hello all, Codename SCNR v1.5 and Codename RKN 1.4 have just been released, both now with support for incremental scans. This means that a scan session is maintained and the following workflow is now possible: Run initial/seed scan. Store its session in a file. Run a re-scan, auditing only newly introduced input vectors, i.e. continuing a previous session. Store its session in a file. And so on and so forth. This has the massive advantage of re-scans being immensely quick, as they will only concern themselves with newly introduced input vectors, rather than being full dumb scans again and again....