Version 8.17.02 Release Notes

Summary: High-level overview of changes/updates included in RiskSense Version 8.17.02, released on May 15, 2020.

The RiskSense platform Version 8.17.02 update includes the following features and enhancements:

• List View Enhancements

  • Finding Footprint Identifies Open Findings Only

  • Assignment Information Added to Application Findings

  • CVSS Columns Added to Application Findings

  • Netsparker Enterprise Metadata Added to Application Findings

• Miscellaneous Changes

  • Terminology Transition in Multi-Client View

  • Optional 2FA for SSO/SAML Login

  • Technical Note on Code Library Update

  • Other Fixed Issues

List View Enhancements

Finding Footprint Identifies Open Findings Only

In the Findings Detail Pane, the Finding Footprint information of a Scanner Plugin (Host and Application) now provides a count of open findings associated to that plugin, rather than total findings. A click thru in the Detail Pane is provided to filter for instances of open findings associated to that plugin. Note that the Finding Footprint presented in the respective column will still display a total count of both open and closed findings.

Assignment Information Added to Application Findings

A new section has been added to the Application Findings Detail Pane to identify information on all users assigned to that finding, like the existing section in the Host Findings view.

CVSS Columns Added to Application Findings

Some Application Findings have CVEs associated to them. To support this, new CVSS 2.0 and CVSS 3.0 columns have been introduced in the Application Findings list view that display the highest CVSS score associated to the finding when a CVE is present. They can be enabled in the Settings pop-up window and are clickable to the Vulnerabilities section in the detail pane. Corresponding filters have also been added.

Netsparker Enterprise Metadata Added to Application Findings

Additional information provided by Netsparker Enterprise scans has been added to the Output section of the Application Findings Detail Pane, including Certainty, Exploitation Skills, and Extracted Version.

Miscellaneous Changes

Terminology Transition in Multi-Client View

The URL identifier has been transitioned to Location in the “Top 5 High-risk Clients” table and the “Top 5 Vulnerable Web Apps” table on the Multi-client Dashboard list view on the Top Risks tab, as well as in the Overall View tab.

Optional 2FA for SSO/SAML Login

Users logging into RiskSense via SAML authorization can now bypass two-factor authentication (2FA) when approved by their individual Identity provider.

Technical Note on Code Library Update

RiskSense has updated to the latest version of the Material UI library. Aside from smoother animations on clickable actions, no substantial user interface changes have been made.

Other Fixed Issues

• Resolved an issue with invalid Host Finding exports by removing duplicate entries.

• Corrected a term transition on the “Location” filter to Address on the Applications list view.

• Removed the visual selection option for editing or deleting a client’s Default Group.

• Resolved an issue with leading spaces appearing incorrectly in header fields of CSV exports.

• Corrected spelling and capitalization of various filters on the Host and Host Finding views.

• Resolved a known error in the SRS view when adding domains with non-traditional top level domains.

• Resolved a known issue with dashboards shrinking in size when users navigate to them via the Home button.