New Blocked actors page

We've just released a new Blocked actors page which should make things easier for displaying and filtering!

  • New improved UI to display Blocked actors
  • A new list of filters and sort parameters to help you search and visualize your blocked actors
  • Possibility to extend or unblock actors by batches using filters

RASP Protection for SSRF in Node.js and Python

Sqreen is now able to protect against First Order Server Side Request Forgery!

Specifically, the new RASP module protect against malicious URL trying to access sensitive resources in your network. To learn more about this vulnerability, you can check out the OWASP's SSRF Cheatsheet.

You can try out this protection by clicking here!

This version of the protection won't track through redirections or DNS rebinding but we're working toward addressing this limitation.

Configure your In-App WAF using presets

https://my.sqreen.com/application/goto/modules/waf

Use the Recommended preset to cover yourself without false positives! The Strict preset provides the highest coverage while very likely introducing false positives.

global preset.png

If you'd prefer, you can still configure your In-App WAF your own way, and the preset will automatically be set to Manual.

RASP Protection for eval in Java and PHP

Sqreen is now able to protect against some kinds of untrusted code executions!

Specifically, the new RASP module target eval() injections by checking when a user parameter is directly eval()-ed without any kind of sanitization.
This protection is available in PHP and Java.

You can find more details on this protection by clicking here!

See how Sqreen protects your application at a glance

Screen Shot 2020-01-23 at 12.59.05.png

Sqreen provides several layers of protection: RASP, In-App WAF, Headers, CSP and Account Takeover. All the security modules work together to provide the best coverage possible. But what do they cover exactly?

Starting today, the Protection section gives you an overview of all covered vulnerabilities. This a great way to see how your application is protected, and how that protection can be improved.

Access your account more easily

Screen Shot 2020-01-21 at 16.51.57.png

We moved the account menu to the upper right corner of the screen. This should make it easier to access all the pages related to you account or organization. Information on the connected hosts and installation instructions are now available on the Monitoring page.

The In-App WAF is live for all new apps!

The Sqreen In-App WAF, which we released a few months ago, is our approach to provide you with a Web Application Firewall (WAF) that lives within your app to lower the maintenance and false positives.

Today, we’re happy to announce that our In-App WAF is available in all six of our agents. When deploying a new application with Sqreen, the In-App WAF will be automatically configured based on the application’s stack.

By default, it runs in Log-only mode, enabling you to review how it behaves with your production traffic. From there, you’ll be able to set it to Blocking mode.

In a couple of weeks, we’ll release configuration presets to ease the deployment of the In-App WAF on existing applications.

A new way to search the App Inventory

A few months ago, we introduced the App Inventory, an always up-to-date, searchable source of truth for application assets. Today, we are adding an easier way to search it with filters.

Untitled-2.png

Here's what's new:

  • The new default search makes it easy to compose your search by combining filters.
  • Most of the application attributes are supported. weaknesses, incidents and first_connected_at are coming soon.
  • You can switch to advanced search anytime. Not all complex queries can be converted to basic search.

To try it, visit your App Inventory at https://my.sqreen.com/app-inventory/

We are looking for feedback on this new feature, so please let us know if you have any.

New safety mechanism for critical IPs

We've added a new safety mechanism (enabled by default) to make sure playbooks don't block "critical" IPs. We define "critical" IP as a private IP, or an IP coming from a load balancer of the most popular cloud provider.

If you want to reverse to the previous behavior, you can change it in your application settings.

Webhook version 2 is live!

Major improvement are:

  • Incident update are now sent through webhook. Version 1 only broadcasts when the incident is first detected.
  • ATO incident payloads feature the compromised accounts
  • Payloads now include the number of retries and date when it was sent

The new documentation is available here: https://docs.sqreen.com/integrations/webhooks/

If you get started with webhook today, you'll automatically use version 2.

Otherwise, you can switch versions from your account settings https://my.sqreen.com/profile/organization/integrations