Release 3.6

June 04, 2024

What's New?

With this release, we have added support for assets and certificates for web applications scanned by WAS.

Pre-requisites

To view the assets scanned by WAS, you must have a valid WAS subscription.  

 You can view the URL under the asset name scanned by WAS. Clicking the URL navigates to the Application Details page of the WAS application.

New Token for Assets Tab

Token Description Example
asset:(wasUrl: ) Use WAS URL to search assets scanned by WAS. asset:(wasUrl:"https://www.example.com")

New Token for Certificates Tab

Token Description Example
asset:(wasUrl: ) Use WAS URL to search certificates on assets scanned by WAS. asset:(wasUrl:"https://www.example.com")

New Value for Instance Source Token

With this release, you can use instance:(sources: ) token to search the certificates or assets scanned by Web Application Scanning (WAS) on the Certificates or Assets tab.

instance:(sources:WAS)

When this token is used in the Assets tab, the search query displays assets scanned by WAS. When used in the Certificates tab, it displays certificates on assets scanned by WAS.

Widget to View Certificates and Assets by WAS 

You can now create a widget for the dashboard to view assets or certificates scanned by WAS using  asset:(wasUrl:https://example.com) and instance:(sources:was)

Issue Addressed

The user received a certificate with a blank name, as the Common Name field was empty. To address this issue, relevant changes have been made to the code. Now, if the Common Name is empty, the certificate will take its name from the Subject Alternative Name (SAN). If that is also empty, it will use the string from the Subject DN, and if all fields are empty, it will take the serial number as the name.