Skip to content

Releases: secdec/attack-surface-detector-zap

Version 1.1.4

07 Mar 14:39
35bff46
Compare
Choose a tag to compare

Changes

  • Incremented to 1.1.4 and changed build to keep the value synced between pom.xml and ZapAddOn.xml.
  • Removed casting when loading/referencing extensions by using class not NAME string.
  • Added exception handling for when spider is selected but target is not available.
  • Other minor maintenance changes.

Version 1.1.3

19 Feb 20:59
Compare
Choose a tag to compare

Additions

  • Added the Ability to detect multiple frameworks within the same project
  • Added the ability to detect endpoints from multiple frameworks in the same project

Changes

  • Upgraded Ham engine for better framework compatibility.
  • Improved framework compatibility
  • Quality of life improvements

Version 1.1.2

24 Aug 12:28
Compare
Choose a tag to compare

Additions

  • Added the Ability to import endpoints from an ASD CLI JSON output file
  • Added the ability to double click an endpoint to view its details
  • Added configuration Subtab
  • Added a help tab to the Attack Surface Detector

Changes

  • Redesigned the Results tab for better look and feel

Deletions

  • Removed Excess Logging statements
  • Removed tools menu items
  • Removed View Selected Button

Version 1.1.1

19 Jun 15:38
Compare
Choose a tag to compare

Additions

  • New File filters for source code selection to prevent erroneous formats.
  • The Attack Surface Detector can now import endpoints from a .war file containing source code
  • Adds new Attack Surface Detector icon to the ASD panel.

Changes

  • Modified logging procedure to properly reflect OWASP Procedure
  • Modified Endpoint Comparison to fix underlying NPE
  • Options Dialog has be redesigned for a better user experience
  • Updated Zap Version Compatibility to 2.7.0
  • Spider method has been updated to utilize the API related to the new ZAP version
  • Modified README to help users and contributors alike.
  • Updates HAM engine version to fix compatibility issues

Version 1.1.0

08 May 12:20
Compare
Choose a tag to compare

Additions

  • Added the ability to import endpoints from a zip file
  • Added the ability to import two different version of the same source code and compare them for changes.

Changes

  • Comments inside requests now reflect if the endpoint was new/modified/unchanged
  • Request highlight colors have now changed to cyan for unchanged, magenta for modified, and orange for new endpoints
  • The Endpoint details view now highlights new endpoints as well as new/modified/deleted parameters.

Version 1.0.1

13 Apr 20:38
Compare
Choose a tag to compare

Version 1.01 of the Attack Surface Detector adds better user documentation as well as updated maven dependencies. It also decreases bloat by removing legacy classes, and external packaging scripts.

Additions:

  • User guide
  • Install guide
  • ReadMe documentation

Changes:

  • Updates internal dependencies
  • Removes legacy code
  • Removes outdated packaging scripts

Version 1.0.0

10 Apr 11:42
Compare
Choose a tag to compare

We're proud to release version 1.0

Additions

  • Added an Attack Surface Detector tab to the status pane
  • Added a table that lists all endpoints discovered from the source code analysis
  • Added a dialog that lists the details of the selected endpoint.
  • Added an options dialog that allows the user to configure the plugin prior to executing an import

Changes

  • Requests are now made directly from the discovered endpoints.
  • Removes the old target url dialog and source folder location dialog and combines them into one.