News — integration

Hello all, Codename SCNR v1.5 and Codename RKN 1.4 have just been released, both now with support for incremental scans. This means that a scan session is maintained and the following workflow is now possible: Run initial/seed scan. Store its session in a file. Run a re-scan, auditing only newly introduced input vectors, i.e. continuing a previous session. Store its session in a file. And so on and so forth. This has the massive advantage of re-scans being immensely quick, as they will only concern themselves with newly introduced input vectors, rather than being full dumb scans again and again....

Hello all,   Some time ago I announced the arrival of IAST scanning for Rack-based (such as Ruby-on-Rails, Sinatra, etc.) web applications. The feature is now here and I'd like to demo it for you. We have our application, in this case a Sinatra one, and it goes like: As you can see, scnr/introspector has been required and made use of. Now we run a scan with no additional options or configuration: ./bin/scnr http://localhost:4567/ [...] [+] Web Application Security Report - SCNR::Engine Framework [~] Report generated on: 2024-01-08 09:59:13 +0200 [+] System settings: [~] --------------- [~] Version:           1.0dev [~] Seed:...