Changelog

Follow up on the latest improvements and updates.


Our AWS integration just got even better! Now whenever you add a target from AWS (or when we pull one in automatically), we’ll analyze it to see if it’s an API. If it is, we’ll make it quick and easy for you to add a schema to it.
We want to give you the best results possible. Previously, users may have scanned targets from their AWS environment without adding an API schema, finding fewer issues than they would have with a schema added. By enabling you to easily add a schema to your API target, you get better coverage and find more issues.
Target discovery - API schema
For detailed information about this update, just reach out to us. Book some time to discuss it with a member of the Product team here. We look forward to hearing your feedback!
With today’s release, we have launched a new discovery feature, designed to help identify when your web apps require an authentication. We now scan targets in Intruder for the presence of a login page, and if we find one, give you the control to choose whether or not you want to add authentication to that target.
What’s changed?
We now scan your targets for login pages that would benefit from having an authentication added. Adding an authentication allows us to scan behind the login page, run additional checks, find more issues, and ultimately ensure your web apps are more secure.
How does the change affect our customers?
You don’t need to do anything, but if we notice a target that would benefit from having an authentication added, we’ll notify you in the portal.
Where can you learn more?
For detailed information about this update, read this article. If you would like to book some time to discuss it with a member of the Product team, you can do so here. We look forward to hearing your feedback!

improved

Premium feature

Vanguard feature

Integrations

Saving you time with AWS organisations

Intruder's AWS integration has been one of our most popular, making up over 50% of cloud accounts added to Intruder. However, we have received feedback that for our larger customers with numerous AWS accounts, adding these accounts individually can be a particularly time-intensive process.
So in this release, we have updated our existing AWS integration to include an option to sync at the organization level. This means that you can now:
  • Import all of your AWS accounts in one quick action, rather than manually importing them one by one
  • Set up the integration to automatically import all new AWS accounts created in your organisation.
This means you can easily stay on top of your growing external attack surface with minimal effort.
AWS Org
This feature is currently only available on our Premium or Vanguard plans. If you'd like to discuss upgrading, you can reach out to your Customer Success Manager at any time or via our in-app support.
Single-page applications are notoriously hard to scan correctly due to the complexity of building a full site map. In our latest release, we’ve updated the way we scan your web apps, improving the coverage of the scanner and increasing the likelihood of finding vulnerabilities.
We’ve continued to build new improvements on top of ZAP's native 'AJAX' spider, while also adding a new spider into the mix to help cover any gaps missed by the 'traditional' and 'AJAX' spiders.
To use our updated scanning capability, you'll need to add an authentication or API schema to your target. As always, we recommend running these scans in your staging environment or with a low-permission user so the spidering process does not interfere with your production data.
Read more about single-page applications, how they differ from multi-page applications, and why this matters when scanning them, in our recent blog.
If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.
We’re excited to announce that we've made a change to scan settings, empowering users to choose the scan that best fits their business’ priorities. Now users can adjust their scan priority between a quick and balanced scan.
Quick scan
- Shorter scan time but may not find all vulnerabilities.
Balanced scan
- Strike the balance between scan time and detecting more vulnerabilities (recommended).
From today, the default setting for all scans will be a balanced scan. While this may increase scan times as it performs more checks, it is the recommended option as it will find more issues.
How to manage this scan setting
  • In portal, navigate to Account > Settings > Scans
  • Here you will have the option to select between the two scan options
Read the full help article to learn more about this feature.
If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.
In our latest release we have expanded on the authentication types available in Intruder. Since we launched authenticated web application scanning over a year ago, we have received feedback that setting up a Form authentication is too time consuming, and has the potential for error, which can lead to frustration.
With Recorded Logins, you can now use Google Chrome Dev Tools to record yourself logging into your target and then upload the file to Intruder to seamlessly set up your authentication. Additionally, this allows Intruder to support even more login types, including targets with Single-Sign-On (SSO). You can read instructions here on how to add this new type of authentication to your target.
Recorded Login
This is our first step of an exciting project in improving our coverage for scanning single-page applications, with more to come in the new year! If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.
Compliance used to be difficult. Our one-click integrations with compliance partners Drata & Vanta made it easier. Now, it’s effortless with our newest release: Automated Compliance.
Here’s how it works:
In your scans page within portal, you’ll select “Schedule scan” as you usually would:
Once you select this, you’ll get the option to “auto send to Drata/Vanta”, depending on the compliance automation tool you have integrated.
Once the scheduled scan has been completed, a scan report will automatically be sent as evidence to your compliance partner.
There’s still the option to manually send scan reports as evidence using “send to Drata/Vanta” depending on the integration you have enabled.
If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.
Preparing for an audit can be stressful with countless policies to review and evidence to gather. Previously, if you used Vanta for compliance automation you would need to manually download evidence from Intruder and then upload that evidence into Vanta.
With the Vanta integration, we’re helping our customers achieve deep compliance automation. Now, users can submit evidence to Vanta with just the click of a button from within the Intruder Portal. You can quickly select which scan you would like to use and send that as vulnerability scan evidence.
With this new integration, you'll be able to send your reports to Vanta from two different areas:
  • From the Scans overview page
  • From individual Scan details pages
Scans overview page
Individual scans detail page
If you would like to book some time to discuss this with a Product team member, you can do so here. We look forward to hearing your feedback!
We’re excited to introduce improvements to the Intruder API that streamline target management in your portal workflows. Previously users could only add tags to targets during their initial creation using the Intruder API. Users were then required to log in to portal to make subsequent tag adjustments.
To resolve this and save you time, we’ve added two new endpoints to the Intruder API which will allow users to add and delete tags for a target. With this release, you will be able to fully manage your targets using the Intruder API.
To learn more check out our API docs and API references.
If you would like to book some time to discuss this with a member of the Product team, you can do so here. We look forward to hearing your feedback!
In 2022, we released our authenticated web application scanning feature, with over 1000 customers choosing to set up authentications on their targets. Since then we have continuously gathered feedback on web app scanning, and the number 1 request has been to provide more immediate feedback on whether the authentication is working as expected.
With this release, we have updated how you add an authentication. There is now a verification step during which we will test the login details provided to ensure that your authentication has been successful. This will allow you to understand whether the setup has worked without having to do a scan first, saving you time and effort!
Watch this quick video to see the end-to-end process:
If you would like to book some time to discuss this with a member of the Product team, you can do so here. We look forward to hearing your feedback!