Veracode Dynamic Analysis Past Release Notes

View the list below for highlights of previous releases.

March 31, 2020

Dynamic Analysis User Agent Defaults to Chrome
When configuring a Dynamic Analysis, if you do not provide a user agent string for a browser of your choice, the user agent value now defaults to the Chrome browser.

March 30, 2020

Auto-Linking Now Available in Dynamic Analysis
Veracode Dynamic Analysis now supports application auto-linking at the organization account level. Auto-linking links a Dynamic Analysis scan to an existing application profile. If you select that option, auto-linking can also automatically create a new application profile to which Dynamic Analysis can link future scans. Linking a Dynamic Analysis to an application enables you to review the policy evaluation, download PDF results, and access the Veracode Links Report.

March 26, 2020

Screenshot Provided for Login Script Errors
Veracode Dynamic Analysis now provides troubleshooting information for login script authentication failures. If you have provided a login script, the Prescan Details window links to a screenshot of the associated login errors.

March 17, 2020

Server-Side Request Forgery (SSRF) Attack Support
Veracode Dynamic Analysis now enables Server-Side Request Forgery (SSRF) attacks by default to find flaws.
Extended Auto-Login Support
The Veracode Dynamic Analysis scan engine has improved support for multi-page forms and login pages containing iframes.

March 9, 2020

ISM Endpoint Updated with Advanced Diagnostics
Veracode Dynamic Analysis Internal Scanning Management (ISM) recently released an updated endpoint version with several new features, including advanced diagnostics options. More information is available in the endpoint release history.
Auto-Login Enhancements
Veracode Dynamic Analysis has streamlined authentication configuration with an enhanced auto-login capability. Use auto-login to provide a username and password for auto-login, browser-generated logins, and NTLMv2. Auto-login is the default setting. A separate basic authentication section is available to configure authentication for websites that require two forms of authentication: auto-login and browser-generated authentication. Veracode continues to support Selenium-based login scripts with these changes.
Coverage Improvements
The latest release of Veracode Dynamic Analysis includes new generic injection techniques in the scan engine and flaw publishing process. Veracode can now detect additional vulnerabilities for CWEs 95, 89, 91, and 74. In addition, the checks for SQL Injection, OS Command Injection, Remote File Inclusion (RFI), Server-Side Request Forgery (SSRF), XML External Entity (XXE), and Cross-Site Scripting (XSS) can now attack JSON keys and values in POST bodies by default.

February 21, 2020

New Video - View Dynamic Analysis Results
This video shows you how to view Dynamic Analysis results.

February 14, 2020

New Video - Create and Run an Unauthenticated Dynamic Analysis
This video shows you how to create, configure, and schedule an unauthenticated Dynamic Analysis.
Row Selection Persistence
When you select the number of rows you want to display in the All Dynamic Analyses table, the selection persists even if you navigate away from that table. Your selection persists until you log out.

January 8, 2020

New Auto-Publish Feature
Auto-Publish is now enabled in Veracode Dynamic Analysis to automatically publish some findings, providing quicker results for specific types of vulnerabilities.
  • If every vulnerability found in all URL scans in a Dynamic Analysis meets the criteria for auto-publication, Veracode publishes the findings immediately after the analysis completes.
  • If one or more vulnerabilities require a review by a Veracode scan engineer, then any findings eligible for auto-publication must wait for that review. Veracode publishes all findings together within 24 hours of when the manual review is complete.
Change to Failed Verification Status
Veracode Dynamic Analysis has updated the status definitions that display when any URL scan fails verification because of either a connection or an authentication issue.
  • When an analysis contains a single URL scan and that scan fails verification:
    • The URL scan status is Verification Failed.
    • The Dynamic Analysis status is All Verifications Failed.
  • When an analysis with multiple URL scans has one or more of the URL scans fail verification:
    • The failed URL scan status is Verification Failed.
    • The analysis status is Completed - Partial Results Available.