Get a holistic view of your system

We have improved the Security Flow Map!

Moving forward, it will feature all application and service communications, enabling you to get a holistic view of your system.


Improvements include:

  • visualizing HTTP communications, either internally, or externally with third-party services;
  • support for new database nodes, such as Redis.

These improvements will let you identify apps without a Sqreen agent, and stay better informed about the changes happening in your infrastructure.

Agent compatibility

To make full use of the new flow map, you will need a compatible Sqreen agent version:

  • The Node.js agent supports the improved flow map starting with version 1.45.0;
  • Support for other technologies will be rolled out progressively, over the next month. Stay tuned.

Sqreen Test Beta open in Node.js

Today we are excited to release Sqreen Test to every Node.js application.

Sqreen Test enables teams to automatically stress the security of an app during its development, by running on-demand security testing sessions.

There is no extra installation and no exhaustive configuration to write: Sqreen Test leverages an advanced in-app fuzzing engine and automated triage techniques to help unveil vulnerabilities.

Proactively finding (no)SQLi or XSS is now just one click away!

Screenshot of Sqreen Testing

Sqreen Test is presently in beta and we are actively looking for design partners. Please consider helping us by giving it a try and contributing your feedback.

Making our product more inclusive

Recent events have shown that, more than ever, diversity is important. Sqreen culture values tolerance and we want to democratize security for everyone. That's why we've decided to ban the terms "blacklist" and "whitelist". Moving forward, we will use "denylist" and "passlist" as a better alternative.

Remap your applications

Following up on the introduction of custom environments, the same application deployed in multiple environments will now appear as one on your Sqreen dashboard.

As a seasoned Sqreen user, you might deal with one application per environment, versus one entity with multiple environments as allowed by this product release. For example, you might have "backend_production" and "backend_dev". But in reality, they are the same "backend" application.

To make them appear as one, we are introducing a migration tool.

Animated example of how to use the remapping tool

This tool lets you remap applications in different environments under the same application. Out of the box, the wizard will do its best to suggest the new structure based on the naming conventions in use. You can also move them around manually to get the proper structure.

Screenshot of application selector

To get started, click on the message in the Application selector, or go to https://my.sqreen.com/mapping-applications

We'd love your feedback on all this!

Customizable application access when a team member joins (RBAC)

We just added a new way to make sure all the new members of your organization get access to the right applications.

If you head to your profile > Team members, you can now configure the list of applications that any new member will have access to.


Any newly invited users will now have access by default to the applications configured here.

Note: this feature is only accessible to users with the Role-Based Access Control feature.

We're refreshing our documentation!

We strive to turn a complex topic (app security) and technologies (RASP, In-App WAF, dynamic instrumentation, etc.) into a simple product, and we believe documentation plays a fundamental role in explaining transparently how things work.

We have started refreshing our docs and are excited to announce the first of many releases today!

It features a brand new How It Works, brief & in-depth along with a refreshed Protection section!

Enjoy the reading! 📚

We'd love to hear your feedback about all this.

Important change to environments and tokens

Today we are introducing an important change to the way you connect and manage your applications with Sqreen.

Using Sqreen at all stages of your development lifecycle

Until now, you could categorize your applications in 3 stages: development, staging and production. This is useful when you have security alerts and need to focus on the most important ones first.

But for some of our customers, it wasn't matching their development lifecycle. This could lead some organizations to only use Sqreen in production. Yet it can be valuable to use it at all stages of development. Covering all the steps of development is critical to catch security issues early, regardless of how many steps there are.

That's why we are introducing some changes to the way environments work:

  • You can now customize environments. You can create, remove and rename environments to fit your needs. The only exception is "production", which cannot be changed.
  • Environments come with dedicated tokens. When connecting a new application with one of these tokens, it will be restricted to the predefined environment. This ensures that a development token cannot be used to connect a production application. Your organization will get 3 new tokens by default: one for production, one for staging, one for development. Connecting your applications to Sqreen with these tokens is now the preferred method.

This change has no impact on your existing applications. Existing tokens still work. New ones will be tied to the environment they were generated for.

Screenshot of environments and tokens management

To manage your environments and associated tokens, go to Organization settings, then Environments & Tokens. For organizations with role-based access control, this feature is only available for admins.

Logging in to Sqreen just got easier

We just enabled the possibility to log in to Sqreen using Google/GitHub SSO. Whether you are a new user or an existing one, your dashboard is now only one click away.

Just go to your settings and activate the SSO option you want. Your account and password remain valid and usable after the SSO activation.


Navigating through your applications made easier

New application navigation

As you monitor and protect more applications with Sqreen, it can be harder to navigate through a long list. Today, we are happy to share with you an updated navigation that keeps your applications organized and easier to browse!

Here's what we improved:

  • Applications are now grouped and sorted by name. It's easier to track them across development, staging and production. To group applications that are in different environments, simply give them the same name. We're also working on a way to rename multiple applications at once, so stay tuned!
  • This list is now searchable. You no longer need to scroll, scroll, scroll.
  • We reduced the noise. The top-level badge displays only the incident count for production apps. Of course, the number of incidents for staging and development is still available at the second level.

App Inventory: predefined searches updates

We've just updated the predefined searches in the App Inventory leveraging the latest fields released and the top use-cases based on your usage.

It should be clearer and more actionable to you.

Using custom searches, you can save your favorite ones to access them in one click.

[Review](https://my.sqreen.com/app-inventory/table)