All notable changes to this add-on will be documented in this file.
The format is based on Keep a Changelog.
- Added checks to not raise alerts in CSS, JavaScript or 404 status code pages.
- Ensure i18n resources are always initialized.
- Added support for incorrect signature type attack.
- Sonar Fixes.
- Updated Client side attack to introduce warning if HTTP Header contains JWT.
- Added support for scanning Authorization Header Issue: #31
- Corrected the Fuzzer Panel User interface expansion issue
- Increased the number of requests for High threshold to 18 from 12.
- Client side configuration alerts will not stop the scanner from scanning server side configurations.
- Support for validating usage of publicly well known HMac secrets for signing JWT.
- First version of JWT Support.
- Contains scanning rules for basic JWT related vulnerabilities.
- Contains JWT Fuzzer for fuzzing the JWT's present in the request.