Product Update – February 2022

A lot is happening with Bright!

We want to share some exciting news! Our name has changed from NeuraLegion to Bright! On top of that, we raised a $20 million funding round! This is not only great news for us, but for you too. This financing will allow us to improve the Bright DAST to secure your apps and APIs, without slowing down your software development processes.

Here are some updates and improvements that will make your experience even better:

New Features

The amazing new API Linter

Our new Schema Linter (Editor) is a smart tool designed to parse, validate and edit an uploaded API schema, making it easy for you to configure high-quality, efficient scans that will ensure the best results. Explore the Linter’s features and capabilities in our step-by-step tutorial.

Improvements

Have you had your scans crash because your app logged you out?
Don’t worry, we have a solution for you.

You can now configure Bright DAST to detect when an application requires a re-login, without having to stop your scan and log in manually. It will log you back in to your app without skipping a beat. This is easily done with the new Authentication Triggers option “Detect using Request URL pattern”.

Try it in your account now

UI improvements

Enjoy the improved authentication configuration and other UI enhancements we introduced to make your experience better!

  • Clear and consistent authentication object setup
  • Enhanced visibility and representation of the Scans table settings
  • Comprehensive filter setup on the Scans page
  • Convenient pagination on the Scans page

General Performance improvements

Various improvements for crawler performance and stability, as well as a significant improvement to SQLI and LDAP testing.

Product Update – January 2021

A lot is happening with Bright! Here are some updates and new features that will make your experience even better.

New Features

Introducing a new scan status: Disrupted

With the new scan status of Disrupted, you can now easily distinguish scans that were stopped due to recoverable issues on the user’s side, for example:

  • When the repeater is no longer available during an active scan
  • When the target is not responding for X minutes (5 minutes by default)
  • When the scan finds no valid entry-points, due to incorrect configuration (missing authentication, no valid responses, etc.)
  • When a scheduled scan cannot start due to a configuration issue (file unavailable, repeater unavailable, etc.)

The disruption event details are also recorded to Engine Notifications.

View your scans!

Improvements

New Version of Okta Integration

We’ve made improvements to how you manage your team’s access to Bright’s scanner using Okta SSO. The Bright integration app is now available on the Okta marketplace. With this app, you can easily configure SSO integration via both OIDC and SAML protocols. You can also take advantage of the provisioning feature to automatically synchronize users and groups between your Okta application and your Bright organization.

Go to Okta Marketplace!

Project Level API Keys

To provide more flexibility and control over how your teams access Bright, we added the ability to create and use API keys at the project level.

Check out the docs and learn more!

Browser-Based Authentication Improvements

We improved our form field detection algorithm to be able to look up the target field not only by name but also by labels, placeholders, and even unique HTML object IDs. That will make the process of configuring the authentication form quick and easy! Just write the name of the field as you see it, and our browser will find it in the form automatically. Easy!

Try it out!

Multi-step Browser-based Authentication

We extended the browser-based authentication configurations to support multiple steps, where you can easily specify your application’s unique login sequences.

Try it out!

General UI improvements

Check out our design improvements to the New Scan window to improve your user experience!

Start a new scan

General Performance improvements

Various improvements to Engine performance and stability when handling edge cases during the discovery stage, and a significant improvement to XSS testing.

Bright Security Product Update – December 2021

This blog post announces the November 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

Improvements

Simplified new scan window

Scans can now be set up faster and easier in the advanced mode. Run a scan now!

Group administration with an organization-level API key

Every group can now be assigned a role, which defines the access scope in fine-grained detail. Check out the docs and learn more.

PDF report performance optimizations

You can now export a PDF report faster, with better page layout. Run a scan now and export report!

General UI improvements

We improved the search, download and copy buttons, the engine notifications view, and introduced some other enhancements to make your experience better.

General performance improvements

Various improvements for engine performance and stability for handling edge-cases during the discovery stage.

Bright Product Update – November 2021

This blog post announces the November 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

New Features

Assigning roles to groups

Every group can now be assigned a role, which defines the access scope in fine-grained detail. Try it out – manage your organization.

Get full IP traceroute on a specific target

Reveal all connectivity bottlenecks in minutes! Get a full IP traceroute on your target application to easily manage whitelisting Bright. See the documentation.

Restrict a Repeater to a specific project(s)

You can now use a repeater only for particular projects, which lets different teams scan only specific local targets. See the documentation.

Improvements

Optimize attack surface with custom headers

You can now optimize the attack surface by selecting specific custom headers to be covered by tests during scanning. These headers will be included in the “smart scan targets” for your scans, allowing you to test your custom headers with all our tests without compromising on scan speed. Run a scan with custom headers

Possibility to change the method on redirect when configuring an Authentication Object

When configuring an authentication object, you can now enable a method change on 302 redirects, for servers that expect the request following a redirect to always be GET rather than the original method that triggered the redirect. Create an Authentication Object.

Allow using API keys to access role resources

From now on you can select the role-related access scopes when creating API keys, as well as manage those roles via our REST API. See documentation.

Easy access to Authentications

Now you can easily reach Authentications from the left menu. See the documentation

General UI improvements

Enjoy our improved breadcrumbs navigation, smart copy button, “found issues” view on the Scans page, and other UI enhancements to make your experience better.

Scan surface discovery and speed improvements

We improved scan speeds by automatically analyzing and excluding irrelevant entry points such as duplicates and static resources.

Bright Product Update – October 2021

This blog post announces the October 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

Don’t have a website, but you want to run a security scan with Bright?

We launched an intentionally vulnerable website ‘Broken Crystals’!
If you always wanted to run a scan on Bright, but didn’t have your target, here it is:

https://brokencrystals.com

Check out the new documentation that will make your experience even better!

You’ll find comprehensive concept topics and step-by-step guides to help you deploy, configure and use Bright, as well as get assistance if you get stuck. Let’s jump right in!

docs.neuralegion.com

Bright Product Update – September 2021

This blog post announces the September 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

New Features:

Okta SSO provisioning

Now you can easily sync up the users and groups between your Okta application and Bright organization.

Check out the docs!

Global timeout for scans

We are here to help you save time! If for some reason the scan target stops responding, you don’t need to wait while all the scan tests are sent into the void! Simply use our new feature to stop the scan automatically when the target is not responsive.

See documentation

Integration with GitHub SARIF reports

Now you can manage all found issues from Code Scanning Alerts on GitHub.

See documentation

Export Entry points list as CSV

We added the possibility to download all discovered entry points as CSV to help security teams analyze the scan results better.

See documentation

Advanced internal/external proxy configuration for the Repeater

From now on, when scanning with a Repeater, you can proxy the internal (to your local network) and external (to our cloud) traffic separately.

See documentation

Improvements:

Speed improvements for scans with a Repeater

Speed up when scanning with a Repeater!

Request/Response correlation IDs in Engine logs

You can now easily find the relevant response to a request by its ID!

UI stability improvements

Check out our new schema editor and other UX improvements to make your experience better!

Bright Product Update – August 2021

This blog post announces the August 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

New Features:

New engine logs download

From now on there is no need to worry about downloading large engine logs. When needed, the full engine logs will be generated offline and will be available for download via an email notification.

Check it out!

New project issues page

Check out the new ‘Project Issue’ page, where each finding can be tracked over time across multiple scans.

See documentation

Added CWE ID to found issues

We added the CWE ID to found issues to help security teams triage the scan results more effectively.

See documentation

New ‘Smart Copy-Paste’ for headers input

Tired of manually filling out the required ‘Headers’ one-by-one?
Check out our new ‘smart copy’ option with the new ‘Headers’ field!

See demo

New ‘Vulnerability Guide’ section on the Knowledge Base

We released a new section on our knowledge base with detailed information about the tests we do, and how to remediate them!

See documentation

Improvements:

Crawler improvements

Significant improvements to crawler speed and stability.

Authentication Object Improvements

Improvements to the ‘Browser Based Form Authentication’ object.

UX/UI improvements

Check out our new ‘Scan Summary’ page, field inputs and other UX improvements to make your experience even better!

Bright Product Update – July 2021

This blog post announces the July 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

New Features:

A new ‘Entry Points’ section in the scan summary

You can now see a detailed breakdown of all the tests that were done on specific endpoints in your application, their parameters, and more!

Check it out!

Open tickets in integrations by Issue Severity

You can now select specific severity levels to trigger opening a ticket on your integrated ticketing platforms!

See documentation

Improvements:

Crawler & UI stability improvements

We deployed significant crawler improvements on the engine and significant upgrades to the UI to provide a smoother & quicker user experience.

Bright Product Update – June 2021

This blog post announces the June 2021 Update for Bright.
We added some new features and product enhancements that will make your experience even better.

New Features:

You can now upgrade to the Pro plan on your own

We have officially released our self-service billing system! You can now easily upgrade your free plan to a Pro plan! The Pro plan expands the number of scan hours and developers, and enables new features:

  • 3 ticketing integrations (Jira, GitHub, Slack, Azure, GitLab, Monday)
  • Export reports to PDF and JSON
  • Role-based access control (RBAC)
  • Single sign-on (SSO)
  • User and organization APIs

Check it out!

GitLab Ticketing Integration

You can now open tickets for found issues directly in your GitLab repositories! To enable, in your account, go to Organization and scroll down to Ticket Management Integration.

See documentation

Skip Slow Entry-Points Automatically

Speed up your scans by skipping the few slow endpoints that may cause a delay! (Don’t worry, you can always scan them separately later)

See documentation

Improvements:

Easier private cloud deployments with the ‘Cluster’ parameter in the CLI

Configure a Repeater for private cloud deployments more easily with the new ‘cluster’ parameter for the CLI.

See documentation

New Scan Templates

We added a few new scan templates, including OWASP Top 10, and MITRE Top 25.

To run a scan from a template, go to Scans (click the button below) and click on New Scan. In the New Scan window, click on the Advanced tab (top-right), and click on Templates. Select your desired template from the list. That’s it!