Release 3.6
June 04, 2024
What's New?
Integration with Web Application Scanning App
With this release, we have added support for assets and certificates for web applications scanned by WAS. Users with an active WAS subscription now have the ability to view all assets scanned by WAS directly within Certificate View.
Benefits
You can get a complete visibility and assessment for all the certificates on the web application, including a detailed assessment report, certificate strength, signature algorithm, and cipher suits, and you can monitor their expiration.
Pre-requisites
You must have a valid WAS subscription to view the assets scanned by WAS.
You can use tokens asset:(wasUrl ),instance:(sources: WAS)
to view all assets certificates and instances associated with certificates identified by WAS application.
You can view the URL under the asset name scanned by WAS. Clicking the URL navigates to the Application Details page of the WAS application.
New Token for Assets Tab
Token | Description | Example |
---|---|---|
asset:(wasUrl: ) | Use WAS URL to search assets scanned by WAS. | asset:(wasUrl:"https://www.example.com") |
New Token for Certificates Tab
Token | Description | Example |
---|---|---|
asset:(wasUrl: ) | Use WAS URL to search certificates on assets scanned by WAS. | asset:(wasUrl:"https://www.example.com") |
New Value for Instance Source Token
With this release, you can use instance:(sources: )
token to search the certificates or assets scanned by Web Application Scanning (WAS) on the Certificates or Assets tab.
instance:(sources:WAS)
When this token is used in the Assets tab, the search query displays assets scanned by WAS. When used in the Certificates tab, it displays certificates on assets scanned by WAS.
Widget to View Certificates and Assets by WAS
You can now create a widget for the dashboard to view assets or certificates scanned by WAS using asset:(wasUrl:https://example.com) and instance:(sources:was)
Issue Addressed
The user received a certificate with a blank name, as the Common Name field was empty. To address this issue, relevant changes have been made to the code. Now, if the Common Name is empty, the certificate will take its name from the Subject Alternative Name (SAN). If that is also empty, it will use the string from the Subject DN, and if all fields are empty, it will take the serial number as the name.