Web Application Scanning (WAS)

NOTE: Formerly known as Frontline Web Application Scanning (Frontline WAS).

August 2023

Version 6.5.6.0

August 30, 2023

New Features
  • This version of Frontline Web Application Scanner introduces several enhancements for the PCI Self Service feature
  • Initial Support for RNA Upgrade Pipeline to Install Ubuntu 20.04
Enhancements
  • PCI Self Service:
    • Scan Groups now support dynamic auto-creation of WAS scans from VM scans that detect webservers
    • Support file attachments for PCI Disputes
    • Support assignment of PCI disputes to selected PCI analyst
    • System generated WAS Audit policy created for PCI Compliance Scans
    • Enforce PCI workflow parameters in scans created for Scan Groups with applied settings
    • New notifications added to ensure assigned PCI analyst is notified whenever a dispute comment is made
    • New PCI Vulnerabilities CSV Export report
    • Generate PCI Compliance Reports sections as reports and ZIP
Fixes
  • PCI Self Service:
    • Disable ability to dispute on scans older than 90 days
    • Revert to original vuln status when disputes sent back to pending
    • Revert status (Pass or Fail) on expired disputes when rescanned
    • Set dispute expiration to end of quarter
    • Prevent PCI Compliance Report for only WAS scans
    • Correctly note WAS webapps not found during scan in section 4c of PCI Compliance Report
    • PCI Compliance Report Scan Summary part 3b needs to show most recent note
  • Scan Groups:
    • New Scan Group button forwards to link with query information on url
    • Sorting by "Next Period Start" sort does not sort correctly
  • Intermittent failures recrypting scanner credentials
  • Scans attempting to launch on artificial RNAs error out immediately

July 2023

Version 6.5.5.2

July 7, 2023

Enhancements
  • This version of Frontline Web Application Scanner introduces various bug fixes and enhancements to improve overall usability and quality.
  • One-Time Scans: Add OTS configuration for IBM i DDM Service Unauthenticated RCE One-Time Scan.
Fixes
  • One-Time Scans: Updated verbiage for consistency and grammatical correctness.
  • PCI Self -Service: Fix the incorrectly filtered global view of the PCI dispute list.
  • Multi-scan reports potentially error from setting value on incorrect field.

May 2023

Version 6.5.4.1

May 31, 2023

Fixes
  • PCI Compliance Reports marked incorrectly as "Failing"
Version 6.5.4.0

May 31, 2023

New Features
  • WAS Security Seals
  • Linux Agent Support
Enhancements
  • PCI Self Service: Update our PCI ASV number and POC in PCI Compliance Report
  • PCI Self Service: Support PCI reporting on undetected hosts
  • Add "status" support for completed Scan Group runs to Scan Group Template controller / page
Fixes
  • Update package dependency versions
  • Fix max CVSS scores displayed in the Vulnerability Dictionary
  • Miscellaneous filters
  • WAS vuln assessment workflow unavailable on accounts with on the Web Application Scanning subscription
  • Console Error when resetting password

April 2023

Version 6.5.2.5

April 7, 2023

Enhancements
  • Internal improvements for tracking metrics and maintaining stability in Frontline.
Version 6.5.2.4

April 3, 2023

Enhancements
  • Internal improvements for tracking metrics and maintaining stability in Frontline.

June 2022

Version 6.4.4.0

June 11, 2022

New Features
  • Edge Network support increases the scalability and responsiveness of our scanning communication network.
  • Implementation of Business Groups.
  • Reports enhancements with support for scheduled and emailed reports.
  • Added a Global Vulnerability Search for MSP accounts.
Enhancements
  • Business Group Column in active view display (Ticket 18151).
  • Auth Scan Config: Add a "Test Your Config" button (Ticket 20422).

  • Dynamic Labels used as Rules for Business Groups (Ticket 18019).

  • Preserve access to historical scans / reports after Business Group access levels change (Ticket 20046).

  • Report Scheduler (Ticket 17363 and 1456).

  • Vulnerability Age Report (Ticket 17601).

  • Added the ability to save report filters for future use (Ticket 19099 and 1457).

  • Included an Authenticated Creds Test button (Ticket 19473).

  • Enterprise Admin Group able to view other groups dashboard (Ticket 19635).

  • Custom Report Templates - Data Filters (Ticket 20275).

  • Frontline WAS Business Group capability (Ticket 21396).

  • Change how we manage IP restrictions for Business Groups (Ticket 22207).

  • Custom email lists for scanning notifications (Ticket 22633).

  • Added the ability to enable recurring reports (Ticket 23319).

  • Made Scan Description variable visible in UI (Ticket 23827).

  • Fulfilled request for NVD Reporting Functionality (Ticket 24517).

  • Choose what reports automatically generate after a scan (Ticket 24885).

  • Sending reports (Ticket 25073).

  • Added Business Group column to Scanners page (Ticket 18553).

  • Added support for a Microsoft patches only report (Ticket 1831).

  • Auth Scan / Credential PDF Detailed Status Report (Ticket 1094).

  • Add support for emailing reports to users (Ticket 1514).

Fixes

  • Fixed subject for some automated emails to match email content (Ticket 25212).

  • Updating Business Group shows IPs as not associated to Scanner Profile (Ticket 24695).

  • Email headers do not match email content (Ticket 25212 and 25289).

  • Graphs & Trending - "Asset Rating Counts" not displayed in DDI Asset Rating colors (Ticket 658).

  • Asset Rating not viewable with NVD/PCI (Ticket 1072).

  • Executive Summary Report does not respect NVD/PCI options (Ticket 1082).

  • Managed Accounts Reports not available in WAS (Ticket 1320 and 1608).

  • Input fields for AV Window Size and SLA Days are active (Ticket 1323).

  • AV Summary incorrectly processes non-default options (Ticket 1369).

  • CIS CSV Export defaulting to PDF format (Ticket 1486).

  • Several filters have multiple entries in the Vuln Dictionary and Vuln Trend filter sets (Ticket 1502).

  • Clicking on 'Vuln Definition' on scan results causes loading the accounts page removes the active context and takes to the account page (Ticket 1548).

  • Vulnerabilities have multiple unique instances in agent scans (Ticket 1658).

  • Spelling error in DB/OS Tooltip (Ticket 1725).

  • Unable to delete manually added labels to Assets (or Vulnerabilities) (Ticket 1822).

January 2022

Version 6.4.3.2

January 26, 2022

Enhancement
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Fixed Managed Accounts Users for CSV Export failures in cases related to deleted user roles.
  • Fixed Trial accounts on TryFrontline.Cloud that automatically spin down shortly after being created.
  • Added clarity to Managed Accounts Security GPAs CSV Exports sort order by including owner field in CSV export.
  • Corrected the spelling error in "Approved management access request user" filter.
Version 6.4.3.1

January 19, 2022

Fixes
  • Added multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0

January 12, 2022

New Features
  • Includes a comprehensive suite of management reports targeted specifically for MSPs utilizing Frontline.Cloud.
    • Reports include CSV reports, PDF reports and email alerts that allow MSPs to effectively manage their customer based and understand usage and trends.
Enhancements
  • Added ability to see raw request data for all users.
  • Added delay-time-period before automatically spinning down Trail accounts (Bug 25048).
  • Added support to filter scan results by a list of CVEs (Bug 23333).
  • Changed default RNA Access Request time to be 8 hours.
  • Deprecated Oracle Image Virtual RNA download.
  • Introduced report review workflow into Frontline.Cloud (Bug 20672).
  • Allowed Trial account options to be set during Trial account creation as an option.
  • Removed per-account limits for Virtual RNA appliance tokens.
  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.
  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071).
  • Added suite of MSP / Super account management reports (Bug 24793, 20040, 20517).
  • Replaced logo with favicon for themes list.
  • Various infrastructure improvements and security updates.
  • Added WebApp Scan Export API.
Fixes
  • Fixed slow speed on Manage RNAs list page.
  • Corrected broken links to help pages on new account Dashboard (bug 24931).
  • Fixed incorrect body text in RNA Access Approved email.
  • Fixed display of report options in report's options appendix.
  • Updated super account usage metrics that failed in some instances.
  • Trial accounts can be upgraded to General accounts (Bug 25253, 25060).
  • Corrected various bugs for reports including grammar, spelling and style fixes.
  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).

Back to Digital Defense Products