AppDetective™ Update 3.1.0 - 05 March 2003

New Lotus Domino Checks

Maximum URL length
Verify that the web server has been configured to restrict the maximum URL length to an acceptable level.

Maximum URL path segments
Verify that the web server has been configured to restrict the maximum number of URL segments to an acceptable level.

Maximum number of request headers
Verify that the web server has been configured to restrict the maximum number of HTTP request headers to an acceptable level.

Maximum size of request headers
Verify that the web server has been configured to restrict the maximum size of HTTP request headers to an acceptable level.

Maximum size of request contents
Verify that the web server has been configured to restrict the maximum size of request contents to an acceptable level.

Enterprise Features
AppDetective™ can perform distributed Pen Test and Audits on multiple machines. On the Distributed Engines, Pen Tests and Audits can be scheduled to run and the results reported back to an AppDetective™ Console.

ASAP™ Updating through a Proxy server
ASAP™ Updates can now be performed through a Proxy server.

Vulnerability Management screen
Application vulnerability data can be filtered and searched based on Risk level, Vulnerability name, Application type, IP Address, Port Number, and Time of Test.

Exporting and importing custom policies
Customized policies can be exported and imported to different workstations.

Identification of MSDE during Pen Tests and Audits
Differentiates MSDE 2000 and MSDE 1.0 from its respective Microsoft SQL Server counterparts during a Pen Test or Audit.

Deleting Vulnerability Results Feature
Delete vulnerability results that are within corporate policy.

Merging Multiple Discovery Scan Results Feature
Multiple discovery scanning results can now be merged into a single session.

Generic HTTP Web Crawling and Vulnerability Assessment (Beta)
Added support for web crawling an HTTP application and discovering web application vulnerabilities

Enhanced Lotus Domino Password Cracking
Significant improvements to the password cracking features of Lotus audits - 0 can handle 5000 users in minutes.

Enhanced DB2 Detection and Discovery
Enhanced accuracy of DB2 port detection even if the DB2 "discovery service" is not enabled.

Enhanced Configuration of MS SQL Server as Backend Database
Improved wizards and procedures for configuring Microsoft SQL Server to be used as a backend database for storing application vulnerability information collected by AppDetective.

Simplified Licensing for Evaluators
Evaluation version does not require a separate license key download.