This is a feature release focused on payload obfuscations and filter evasions.
- Whitelisting: define validators for your web application parameters, eliminating XSS and SQLi issues. WebKnight suggests validators based on scanned traffic.
- Added a lot of new signatures to detect attacks using filter evasion techniques and encoding obfuscation.
- Improved XSS scanning. Special thanks to Ashar Javed (@soaj1664ashar) for reporting additional keywords and suggesting improvements.
- Added Host header scanning.
- Improved Referrer URL scanning.
- Improved SQL injection scanning to prevent obfuscations and added more keywords.

This is a feature release focused on improving our scanning engine and related bug fixes.
- Added a lot of new signatures to detect remote file inclusion and PHP exploits.
- Improved SQL injection scanning. Special thanks to Khalil Bijjou for reporting some bypasses and suggesting improvements.
- Forms Authentication scanning.
- Detect parameter pollution attacks.
- Added new XSS keywords for mobile devices, animations...
- Deny payloads (post data) for certain methods.
- Fixed mp3/mp4 files not playing in Chrome/IE.
- Fixed OnUrlMap race condition between IIS 8 and WebKnight.
- IIS Authentication notification can be disabled; this fixes the issue in KB 2605401.