Rootshell Platform – Patch Notes September 2024

September 2024

Application Features

New Feature

  • Asset Query Optimization – This update is part of our ongoing efforts to improve the speed and reliability of the platform, especially for users managing large datasets.

    • Key Enhancements:

      • Enhanced Query Performance: Asset queries are now optimized to retrieve data from a cached view of asset totals instead of relying on real-time dynamic database requests. This change significantly reduces the time required to access issue counts for assets, improving overall performance.

      • Cached Data Implementation: We have introduced a new system that generates and maintains cached totals for each asset. As a result, queries now pull data from this cache, providing quicker access to the information you need.

    • What to Expect:

      • Automatic Updates: Cached asset totals are automatically refreshed in the following scenarios:

        • When an asset is added or generated on the platform.

        • Whenever issue statuses linked to an asset are updated.

        • After any new import that includes the asset.

        • After any recast of an issue related to an asset.

        • Every morning, when the daily refresh of asset data runs to ensure all totals are accurate.

      • User Notification: During times when an asset sync is in progress, you will see a message within the assets page indicating that data is being updated. This message is intended to keep you informed and aware when the latest data is being processed.

    • Impact on Your Experience:

      • Improved Performance: You should notice faster load times when accessing asset-related data, enhancing your overall experience on the platform.
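The cached-totals approach described above, as an added illustration that is not Rootshell's code: per-asset issue counts are rebuilt only on the listed events (asset added, import, status change, recast, daily refresh) and every read comes from the cache, with a per-asset `syncing` flag standing in for the "data is being updated" message. All class, field and method names are assumed.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Issue:
    issue_id: int
    asset_id: int
    status: str   # e.g. "open" / "closed"
    risk: str     # e.g. "critical" / "high" / "medium" / "low"

@dataclass
class AssetTotalsCache:
    issues: list[Issue] = field(default_factory=list)          # stands in for the issue table
    totals: dict[int, Counter] = field(default_factory=dict)   # asset_id -> Counter[(status, risk)]
    syncing: set[int] = field(default_factory=set)             # drives the "data is being updated" banner
    last_full_refresh: date | None = None

    def _rebuild(self, asset_id: int) -> None:
        # The only place issues are counted; every read elsewhere comes from `totals`.
        self.syncing.add(asset_id)
        self.totals[asset_id] = Counter(
            (i.status, i.risk) for i in self.issues if i.asset_id == asset_id)
        self.syncing.discard(asset_id)

    def add_asset(self, asset_id: int) -> None:             # trigger: asset added/generated
        self._rebuild(asset_id)

    def import_issues(self, new_issues: list[Issue]) -> None:   # trigger: new import
        self.issues.extend(new_issues)
        for asset_id in {i.asset_id for i in new_issues}:
            self._rebuild(asset_id)

    def update_issue(self, issue_id: int, status=None, risk=None) -> None:  # status change / recast
        issue = next(i for i in self.issues if i.issue_id == issue_id)
        issue.status, issue.risk = status or issue.status, risk or issue.risk
        self._rebuild(issue.asset_id)

    def daily_refresh(self, today: date | None = None) -> None:   # trigger: morning full refresh
        today = today or date.today()
        if self.last_full_refresh != today:
            for asset_id in list(self.totals):
                self._rebuild(asset_id)
            self.last_full_refresh = today

    def open_count(self, asset_id: int, risk: str | None = None) -> int:
        # Served from the cache; no scan of the issue table on the read path.
        c = self.totals.get(asset_id, Counter())
        return sum(n for (s, r), n in c.items() if s == "open" and risk in (None, r))
```

An edit that bypasses the event path leaves the cache stale until the daily refresh, which is why that safety net is worth keeping alongside the event-driven updates.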

Platform Improvements

  • Platform Performance Enhancements – We’ve implemented several key optimizations across the platform to significantly improve loading times and efficiency:

    • Assets Page Optimization: Enhanced loading mechanisms for large tenants ensure that asset statistics and details are now retrieved almost instantly.

    • Project Stats Improvements: Optimized query structures have reduced the loading time for project statistics, facilitating quicker access to critical data.

    • Phase Page Enhancements: By separating the loading processes for phases and issue counts, the phases page now loads quicker, significantly boosting performance for tenants with extensive data.

    • Improved Asset Group Performance: For Asset Groups with a large number of assets, we’ve optimised the loading of Affected Instances. By restructuring how issues are queried and presented by risk rating, we’ve reduced loading times dramatically. This approach ensures that users can access and switch between issue views quickly, even with very large asset groups.

    These updates are designed to streamline user interactions and enhance productivity, ensuring a smoother and more responsive experience across the platform.

  • Enhanced PDF Generation with WeasyPrint – We have upgraded our PDF generation capabilities by migrating from WKHTML to WeasyPrint. This change significantly enhances the flexibility and customisation options available for reports generated by the platform.

    Key Enhancements:

    • Improved Customization: WeasyPrint allows for more sophisticated styling and layout options, enabling the creation of highly customized and visually appealing reports. These improvements will be available in the platform for the end user soon.

    • Enhanced Performance: The new PDF generation tool improves the speed and reliability of report production, ensuring a smoother user experience.

    Impact: This upgrade will not only enhance the aesthetic and functional aspects of PDF reports but also set the stage for future enhancements that leverage WeasyPrint’s advanced features to meet diverse user needs.

    Enhancing Report Customization and Performance: With WeasyPrint, our platform will be able to offer better-designed reports, tailored to the specific needs of our users, enhancing both the presentation and the dissemination of critical information.

  • Option to Clear an Asset’s Priority Rating – In response to user feedback, we have introduced the ability to clear or remove an asset’s priority rating on the platform. This small but significant improvement allows users greater flexibility in managing asset data, addressing the previous limitation where priority ratings could not be unset once assigned.

  • Ability to Clone Users and Their Permissions – To enhance administrative efficiency and streamline the onboarding process for new users, we are introducing the capability to clone existing users along with all or part of their permissions within the platform. This feature allows administrators to quickly replicate user settings, ensuring new team members or departmental shifts can be accommodated without the need for manual configuration of access rights.

    Key Enhancements:

    • Clone User Function: Administrators can now select an existing user and clone their profile permissions, including all permissions related to the platform, projects, phases, assets, asset groups, and questionnaires.

    • Simplified User Setup: The platform will prompt the administrator to specify the details for the new user to whom the cloned permissions will apply, ensuring a seamless transition and accurate permission setting.

    Enhancing Administrative Efficiency: This new feature is aimed at improving the efficiency of user management within the platform, reducing the administrative burden and potential for error associated with manually setting complex permission structures. By enabling user cloning, we support our clients in maintaining consistent access controls and ensuring rapid deployment of new team members with the required permissions.

  • Inclusion of CVE References in PDF Exports – To enhance the informational value of PDF reports generated by the platform, we are introducing the inclusion of Common Vulnerabilities and Exposures (CVE) references within the export. This addition aims to provide users with detailed and actionable security insights directly within their reports, catering to the growing needs of clients who utilize the platform for comprehensive vulnerability management.

    Key Enhancements:

    • CVE Reference Inclusion: PDF reports will now contain CVE references for issues, providing detailed vulnerability descriptions and enhancing the report’s utility as a tool for understanding and addressing security threats.

    • Exploit Availability Indicator: As a valuable addition, PDFs may also indicate whether an issue has an associated exploit or active exploit available, offering further context to the report recipients about the severity and immediacy of the threat posed by the vulnerabilities.

    Enhancing Report Detail and Usability: This improvement is designed to make PDF exports from the platform not only more informative but also more actionable by including detailed CVE references and exploit availability. These enhancements support our clients’ needs for detailed documentation and aid in making informed security decisions based on the comprehensive data provided.

  • Expanded Scanner ID Inclusion in JSON Exports – To enhance the comprehensiveness of JSON export functionality on our platform, we are expanding the range of scanner IDs included in the exported files. Previously limited to a set list of identifiers such as Nessus ID, Rapid7 ID, Qualys ID, Nipper ID, and OWASP ID, the JSON exports will now encompass additional IDs from all supported integrations, such as Burp ID and others.

    Key Enhancements:

    • Inclusion of All Supported Scanner IDs: The JSON export feature will now include identifiers from a broader range of security scanners and tools, reflecting our commitment to supporting diverse cybersecurity environments.

    • Comprehensive Data Export: By incorporating additional scanner IDs, users can expect more detailed and usable data from their exports, facilitating better data integration and analysis across different security platforms and tools.

    Enhancing Data Integration and Analysis Capabilities: This feature improvement is aimed at providing users with a richer, more detailed set of data through JSON exports. By including scanner IDs from all supported integrations, we enable more thorough data analysis and better alignment with users’ comprehensive security tool ecosystems, supporting enhanced cybersecurity measures and insights.

Operational Features

Platform Improvements

  • Enhanced Integration of External IDs in GenericDB – We have improved the Generic Database to include additional identifiers such as ‘burp_id’, ‘invicti_id’, ‘black_kite_id’, ‘aws_inspector_id’, and ‘microsoft_defender_id’. This update facilitates better integration of issues from various security tools, enhancing traceability and the management of vulnerabilities across different systems.

    Key Enhancements:

    • Expanded Support for External IDs: Integration of multiple new identifiers ensures a more robust linkage between imported issues and their corresponding tools, enhancing continuity across scans.

    • Improved Management of Security Issues: By maintaining accurate parent-child relationships, the platform ensures consistent tracking of issues through successive scans.

    Enhancing Security Posture Management: This update strengthens the platform’s capability to handle security issues from multiple sources more effectively, offering our partners a consolidated view and better management of vulnerabilities.
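The two external-ID changes above (scanner IDs in JSON exports, and parent-child linkage in the Generic Database), as one added illustration that is not Rootshell's code: a re-imported finding is linked to its earlier occurrence when exactly one existing issue shares a scanner ID with it, and the export emits every supported ID that is present. The field names beyond those quoted in the notes, the functions and the sample findings are assumed and constructed.

```python
from __future__ import annotations
import json
from dataclasses import dataclass, field

# Scanner-ID fields the notes list; any non-empty one can link a re-imported finding.
SCANNER_ID_FIELDS = ("nessus_id", "rapid7_id", "qualys_id", "nipper_id", "owasp_id",
                     "burp_id", "invicti_id", "black_kite_id", "aws_inspector_id",
                     "microsoft_defender_id")

@dataclass
class Issue:
    issue_id: int
    title: str
    parent_id: int | None = None                  # earlier occurrence of the same finding
    external_ids: dict[str, str] = field(default_factory=dict)   # e.g. {"burp_id": "..."}

def link_keys(issue: Issue) -> set[tuple[str, str]]:
    """(field, value) pairs that identify this finding to the tool that reported it."""
    return {(f, v) for f, v in issue.external_ids.items() if f in SCANNER_ID_FIELDS and v}

def link_imported(existing: list[Issue], imported: list[Issue]) -> list[Issue]:
    """Set parent_id on each imported issue that matches exactly one existing issue by
    scanner ID. No match starts a new lineage; a match to two different parents is
    left unlinked so it surfaces for manual review instead of silently merging."""
    index: dict[tuple[str, str], int] = {}
    for e in existing:
        for k in link_keys(e):
            index.setdefault(k, e.issue_id)       # oldest occurrence wins
    for i in imported:
        parents = {index[k] for k in link_keys(i) if k in index}
        i.parent_id = parents.pop() if len(parents) == 1 else None
    return imported

def export_json(issues: list[Issue]) -> str:
    """JSON export carrying every supported scanner ID present, not just the legacy five."""
    rows = []
    for i in issues:
        row = {"issue_id": i.issue_id, "title": i.title, "parent_id": i.parent_id}
        row.update({f: i.external_ids[f] for f in SCANNER_ID_FIELDS if i.external_ids.get(f)})
        rows.append(row)
    return json.dumps(rows, indent=2)

# Constructed sample data (not real findings): scan 1 already in the database, scan 2 arriving.
SCAN1 = [Issue(1, "Reflected XSS", external_ids={"burp_id": "b-100"}),
         Issue(2, "SMBv1 enabled", external_ids={"nessus_id": "n-200", "qualys_id": "q-7"})]
SCAN2 = [Issue(3, "Reflected XSS in /search", external_ids={"burp_id": "b-100"}),
         Issue(4, "SMBv1 enabled", external_ids={"qualys_id": "q-7"}),
         Issue(5, "Open S3 bucket", external_ids={"aws_inspector_id": "ai-9"}),
         Issue(6, "Merged finding", external_ids={"burp_id": "b-100", "nessus_id": "n-200"})]
```

Matching on the tool's own ID rather than the title is what keeps the lineage intact when a scanner rewords a finding between scans, as issue 3 shows.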

  • Retest Tech QA Status and Assignment Correction – We have refined the retest QA submission process to ensure that retests enter the system with a ‘Tech QA Required’ status rather than erroneously appearing as ‘Tech QA Assigned’. This update addresses the issue where retests are automatically assigned to the original reviewer and are displayed in their dashboard, which has been leading to confusion among users.

    Key Enhancements:

    • Correct Initial Status: Retest QAs will now enter the system with a ‘Tech QA Required’ status, aligning them with the entry status of new tests and clarifying that they need to be assigned for review.

    • Independent QA Assignment: Retests will no longer auto-assign to the original reviewer. This change ensures that each retest QA is treated as a new entity, allowing for fresh assignments that are appropriate to the current context and resource availability.

    Acceptance Criteria:

    • Upon submission, retest QAs must be listed as ‘Tech QA Required’ in the overview dashboard.

    • Retests should not appear in the dashboard of the original tester or reviewer unless specifically assigned to them again for the retest.

    • The platform should allow for the manual assignment of retest QAs to ensure they are reviewed by the appropriate personnel.

    Streamlining Retest QA Processes: This improvement is designed to streamline the retest QA process, making it clearer and more efficient. By ensuring that retests are correctly categorized and assigned, we enhance the overall QA workflow and support our partners in maintaining high standards of review and verification.