Veracode Dynamic Analysis Release Notes

Veracode Release Notes

May 26, 2020

Enhanced Access Control for ISM Endpoints
Veracode Dynamic Analysis Internal Scanning Management (ISM) provides new options for granting Veracode support engineers access to your endpoints. You can now allow support access for a specific number of days, up to 30, or allow access indefinitely until you choose to disable it.

May 21, 2020

Client Certificate Authentication Support
Dynamic Analysis now supports client certificate-based authentication. When you upload your certificate and the associated password, Veracode can log in to websites that require this method of authentication.
Engine JSON Web Token and Obsolete JavaScript Support
Dynamic Analysis has added security auditing for JSON Web Tokens (JWT) and obsolete JavaScript resources. JWT auditing detects common flaws, including signature vulnerabilities, in sites that use JWT for authentication. Obsolete JavaScript resource detection reports known-vulnerable libraries, such as older versions of jQuery, through signature matching.
Improved Scan Status Details
Veracode Dynamic Analysis now has improved end-user visibility into scan statuses. Additional status information is available in the status fields and columns of the All Analyses, Dynamic Analysis Summary, and URL Scan Summary pages. You now have more detailed information when scans stop due to network issues or because they exceeded the allocated scan duration time.
Updated Video - Create Login Scripts with Selenium
This video shows you how to use the Selenium IDE plugin to create a login sequence script that enables Veracode Dynamic Analysis to scan URLs that have form-based authentication.

May 7, 2020

Prescan Workflow Improvements
Veracode has released several improvements to the Dynamic Analysis workflow to enhance these user experiences:
  • The prescan option has moved to the Schedule page. In addition, you can now use the new prescan-only option if you want to verify your configuration before submitting the analysis.
  • There is a new option on the Schedule page to enable you to save your Dynamic Analysis configuration and continue working on it or submitting it later.
  • Icons have replaced the menu in the individual rows of the URLs table, providing greater ease of use when you want to edit the configuration, link to an application, or delete the URL.

April 28, 2020

ISM Notifications Include Endpoint Names
Emails from Veracode about your ISM endpoints now specify the endpoint names to help with troubleshooting.

April 16, 2020

Scheduling Improvement
Veracode Dynamic Analysis now provides the ability to select a start date up to 90 days in the future. This enhancement enables you to initiate a one-time scan immediately as well as schedule a recurring, quarterly scan of the same Dynamic Analysis.
Update to Supported Selenium Commands
Dynamic Analysis now supports these Selenium commands: keyUp, keyDown, keyPress, assertTextPresent, waitForElementVisibile, and clickAt.