The SSRF RASP protection is now available in Java!
This bring the compatible technologies to Node.js, Go, Python and Java.
To enable it, all you need to do is to toggle it on from your dashboard.
To learn more about SSRF and how our RASP protection work, you can check out our resources here.
We have added new account settings to your dashboard. You can now:
Cheers!
We have updated the design of the default agent blocking page and made it clearer that users cannot access Sqreen’s customer web application.
Whenever Sqreen tags a given request as malicious or when the requesting IP or user account has been flagged, the Sqreen agent will send back an error page. The main goal of this page is to inform the end users that they have been blocked and cannot access the requested page. The previous version of the page could be confusing to users, and in some cases they tried to sign up for Sqreen to get unblocked.
The new design is now available in the latest version of the Node.js, Go, and Python agents. It is coming to the other agents by 17th June!
Note: this change is only for our default blocking page. You can still redirect to a custom page in Settings if you wish.
We have improved the Security Flow Map!
Moving forward, it will feature all application and service communications, enabling you to get a holistic view of your system.
Improvements include:
These improvements will let you identify apps without a Sqreen agent, and stay better informed about the changes happening in your infrastructure.
To make full use of the new flow map, you will need a compatible Sqreen agent version:
Today we are excited to release Sqreen Test to every Node.js applications.
Sqreen Test enables teams to automatically stress the security of an app during its development, by running on-demand security testing sessions.
No extra installation needed, no exhaustive configuration to write, Sqreen Test leverages an advanced in-app fuzzing engine and automated triage techniques to help unveil vulnerabilities.
Proactively finding (no)SQLi or XSS is now just 1-click away!
Sqreen Test is presently in beta and we are actively looking for design partners. Please consider helping us by giving it a try and contributing your feedback.
Recent events have shown that, more than ever, diversity is important. Sqreen culture values tolerance and we want to democratize security for everyone. That's why we've decided to ban the terms "blacklist" and "whitelist". Moving forward, we will use "denylist" and "passlist" as a better alternative.
Following up the introduction of custom environments, the same application deployed in multiple environments will now appear as one on your Sqreen dashboard.
As a seasoned Sqreen user, you might deal with one application per environment, versus one entity with multiple environments as allowed by this product release. For example, you might have "backend_production" and "backend_dev". But in reality, they are the same "backend" application.
To make them appear as one, we are introducing a migration tool.
This tool lets you remap applications in different environments under the same application. Out-of-the-box, the wizard will do its best to suggest the new structure based on naming conventions in use. You can also moves them around manually to get the proper structure.
To get started, click on the message in the Application selector, or go to https://my.sqreen.com/mapping-applications
We'd love your feedback on all this!
We just added a new way to make sure all the new members of your organization get access to the right applications.
If you head to your profile > Team members you are now able to configure a list of accessible applications any new members will have access to.
Any new invited users will now have access by default to the applications configured here.
Note: this feature is only accessible to users with Role Base Access Control feature.
We thrive to turn a complex topic - app security - and technologies - RASP, In-App WAF, dynamic instrumentation, etc - into a simple product, we believe documentation plays a fundamental role into explaining transparently how things work.
We started a refreshment project of our docs and are excited to announce the 1st of many releases today!
It features a brand new How It Works, brief & in-depth along with a refreshed Protection section!
Enjoy the reading! 📚
We'd love to hear your feedback about all this.
Today we are introducing an important change to the way you connect and manage your applications with Sqreen.
Until now, you could categorize your applications in 3 stages: development, staging and production. This is useful when you have security alerts and need focus on the most important ones first.
But for some of our customers, it wasn't matching their development lifecycle. This could lead some organizations to only use Sqreen in production. Yet it can be valuable to do it at all stages of the development. Covering all the steps of the development is critical to catch security issues early, regardless of how many steps they are.
That's why were are introducing some changes to the way environments work:
This change has no impact on your existing applications. Existing tokens still work. New ones will be tied to the environment they were generated for.
To manage your environments and associated tokens, go to Organization settings, then Environments & Tokens. For organizations with role-based access control, this feature is only available for admins.
