Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
Bright Product Update – November 2021

Bright Product Update – November 2021

Admir Dizdar

This blog post announces the November 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

New Features

Assigning roles to groups


Every group can now be assigned a role, which defines the access scope in fine-grained detail. Try it out – manage your organization.

Get full IP traceroute on a specific target


Reveal all connectivity bottlenecks in minutes! Get a full IP traceroute on your target application to easily manage whitelisting Bright. See the documentation.

Restrict a Repeater to a specific project(s)


You can now use a repeater only for particular projects, which lets different teams scan only specific local targets. See the documentation.


Optimize attack surface with custom headers


You can now optimize the attack surface by selecting specific custom headers to be covered by tests during scanning. These headers will be included in the “smart scan targets” for your scans, allowing you to test your custom headers with all our tests without compromising on scan speed. Run a scan with custom headers

Possibility to change the method on redirect when configuring an Authentication Object


When configuring an authentication object, you can now enable redirects for code 302, where the server expects the following methods to always be GET during redirects, and not the original method that triggered the redirect. Create an Authentication Object.

Allow using API keys to access role resources


From now on you can select the role-related access scopes when creating API keys, as well as manage those roles via our REST API. See documentation.

Easy access to Authentications


Now you can easily reach Authentications from the left menu. See the documentation

General UI improvements


Enjoy our improved breadcrumbs navigation, smart copy button, “found issues” view on the Scans page, and other UI enhancements to make your experience better.

Scan surface discovery and speed improvements

We improved scan speeds by automatically analyzing and excluding irrelevant entry points such as duplicates and static resources.


DORA: Exploring The Path to Financial Institutions’ Resilience

DORA (Digital Operational Resilience Act) is the latest addition to the EU regulatory arsenal. A framework designed to bolster the cyber resilience of financial entities operating within the EU. But let’s face it: there’s no lack of regulations issued by the European Union legislature, and they’re not exactly known for keeping things light and easy.

IASTless IAST – The SAST to DAST Bridge

Streamline appsec with IASTless IAST. Simplify deployment, enhance accuracy, and boost your security posture by combining SAST and Bright’s DAST.

Bringing DAST security to AI-generated code

AI-generated code is basically the holy grail of developer tools of this decade. Think back to just over two years ago; every third article discussed how there weren’t enough engineers to answer demand; some companies even offered coding training for candidates wanting to make a career change. The demand for software and hardware innovation was

Get our newsletter