- DOM-based XSS
- Client-side SQL injection
- WebSocket hijacking
- Local file path manipulation
- DOM-based open redirection
- Cookie manipulation
- Ajax request header manipulation
- DOM-based denial of service
- Web message manipulation
- HTML5 storage manipulation
Monday, July 28, 2014
For more details, see the blog post.
Tuesday, July 22, 2014
This release contains various bugfixes and minor enhancements:
- A bug introduced in v1.6.01 affecting the passing through of command line arguments to extensions has been fixed.
- A bug that sometimes caused session handling rules using macros to be incorrectly restored from state files has been fixed.
- A bug that occasionally caused corruption in the rendering of live streaming responses has been fixed.
- A bug where the "time of day" value in Intruder attack results was incorrectly reported when request throttling was enabled has been fixed.
- Logging options have been enabled for the Sequencer tool.
- Links in the BApp details tab are now clickable and open in an external browser.
- Renamable tab captions now prevent accidental renaming to an empty string, which previously resulted in a pixel-perfect double-click being required to rename the tab to anything else.
- Efforts have been made to fix an occasional bug that causes the UI to freeze when changing the confidence or severity of Scanner issues. Feedback is welcomed on whether this bug has indeed gone away.