Releases: secdec/attack-surface-detector-zap
Releases · secdec/attack-surface-detector-zap
Version 1.1.4
Changes
- Incremented to 1.1.4 and changed build to keep the value synced between pom.xml and ZapAddOn.xml.
- Removed casting when loading/referencing extensions by using class not NAME string.
- Added exception handling for when spider is selected but target is not available.
- Other minor maintenance changes.
Version 1.1.3
Additions
- Added the Ability to detect multiple frameworks within the same project
- Added the ability to detect endpoints from multiple frameworks in the same project
Changes
- Upgraded Ham engine for better framework compatibility.
- Improved framework compatibility
- Quality of life improvements
Version 1.1.2
Additions
- Added the Ability to import endpoints from an ASD CLI JSON output file
- Added the ability to double click an endpoint to view its details
- Added configuration Subtab
- Added a help tab to the Attack Surface Detector
Changes
- Redesigned the Results tab for better look and feel
Deletions
- Removed Excess Logging statements
- Removed tools menu items
- Removed View Selected Button
Version 1.1.1
Additions
- New File filters for source code selection to prevent erroneous formats.
- The Attack Surface Detector can now import endpoints from a .war file containing source code
- Adds new Attack Surface Detector icon to the ASD panel.
Changes
- Modified logging procedure to properly reflect OWASP Procedure
- Modified Endpoint Comparison to fix underlying NPE
- Options Dialog has be redesigned for a better user experience
- Updated Zap Version Compatibility to 2.7.0
- Spider method has been updated to utilize the API related to the new ZAP version
- Modified README to help users and contributors alike.
- Updates HAM engine version to fix compatibility issues
Version 1.1.0
Additions
- Added the ability to import endpoints from a zip file
- Added the ability to import two different version of the same source code and compare them for changes.
Changes
- Comments inside requests now reflect if the endpoint was new/modified/unchanged
- Request highlight colors have now changed to cyan for unchanged, magenta for modified, and orange for new endpoints
- The Endpoint details view now highlights new endpoints as well as new/modified/deleted parameters.
Version 1.0.1
Version 1.01 of the Attack Surface Detector adds better user documentation as well as updated maven dependencies. It also decreases bloat by removing legacy classes, and external packaging scripts.
Additions:
- User guide
- Install guide
- ReadMe documentation
Changes:
- Updates internal dependencies
- Removes legacy code
- Removes outdated packaging scripts
Version 1.0.0
We're proud to release version 1.0
Additions
- Added an Attack Surface Detector tab to the status pane
- Added a table that lists all endpoints discovered from the source code analysis
- Added a dialog that lists the details of the selected endpoint.
- Added an options dialog that allows the user to configure the plugin prior to executing an import
Changes
- Requests are now made directly from the discovered endpoints.
- Removes the old target url dialog and source folder location dialog and combines them into one.