
Release Updates (v2.7.0)

The following release updates are available for CxIAST version 2.7.0. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 2.7.0 includes the following new features and changes:

Category

Feature

Setup & Configuration

Version Upgrade:

If you have version 2.6.1 or below installed, you must clean the DB and uninstall that version before installing v2.7.0.

SSL Configuration Tool:

Automatically configures secure communication between all CxIAST components.

Manual Agent Configuration Options

Interface

Test Coverage: Enables customers to view an estimate of functional testing coverage

Vulnerability Face-lift: An improved look-and-feel of these vulnerabilities:

  • Failed Login Without Audit

  • Successful Login Without Audit

  • CSRF

  • App DOS Database Connections

  • Weak DB Password

System Management

  • Query Editor - Includes new query filtering and text searching capabilities

  • Log Retention - Periodic deletion of old agent logs

Node.js

Version highlights:

  • Supported versions: Node.js 6 and above

  • Supports all Web frameworks

  • ECMAScript 6 and below

  • Supported DB: MongoDB, MySQL, PostgreSQL

C# Support (Alpha Version)

Version Highlights:

  • Supported frameworks: .NET Framework version 4.6 and above

  • Web servers supported: IIS and IIS Express

  • Any Web applications or REST/SOAP applications

Supported Vulnerabilities:

  • Command Injection

  • SQL Injection

  • Second Order Command Injection

  • Second Order SQL Injection

  • Stored XSS

  • XSS

  • Open Redirect

  • Path Traversal

  • Second Order Path Traversal

  • Insecure Cookie

  • Insecure Outgoing Communication

  • Least Privilege Violation

  • Outgoing Connection Discovery

  • Weak Cryptography

  • Weak DB Password

  • Weak Hashing

  • Weak Random

  • Application Entry Point

Standalone Java Applications

  • Extends Java support to applications that run as standalone ("thick client" applications)

  • Out of the box support for REST API applications

New Java Application Server / Container Support

  • Payara

  • WebSphere

Known Limitations

Category

Limitation

Setup & Configuration

.NET Alpha

  • C# only

  • .NET framework version 4.6 and above

  • A limited number of vulnerabilities

  • Partial support for custom queries

C# Support:

  • Agent is delivered manually (not via the CxIAST UI)

  • Query customization is done manually

  • The next release (v3.0) will include the full-blown C# version

Support for Other Application Types

  • Other application types (SOAP, Syslog, WebSocket, etc.) are not supported out of the box and require customization

  • The support will be improved in v3.0

The release update is also available for download here.
