Lucent Sky AVM 4.0 release information

2018/12/26 |

This article includes a list the new features and bug fixes that are included in Lucent Sky AVM 4, as well as known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 4 released.

New features and updates included in Lucent Sky AVM 4.0

  • 3rd generation mitigation engine - this new mitigation engine has been available to preview customers for the past 7 months, and their feedback has allowed us to fine-tune the remediation algorithms to better suit the applications used by our customers. Starting with v4.0, the "mitigation,preview" scan argument is no longer required as the 3rd generation mitigation engine is now the default mitigation engine. However, if you want to force a scan with the previous mitigation engine, you can use the scan argument "mitigation,legacy" (a preview license is not required).

  • Support for C and C++ - Support for C and C++ applications has been added, as well as identification capability for relevant vulnerabilities such as buffer overflow and memory leak. Remediation capability for some of these vulnerabilities will be added at later releases.

  • Support for Swift - iOS applications developed using Swift are now supported, and vulnerabilities like those found in Objective-C iOS apps are supported. When scanning an iOS application, Lucent Sky AVM will automatically detect its language (Objective-C or Swift).

  • Support for Active Server Page - Support for Active Server Pages (ASP, not to be confused with ASP.NET) applications has been added, and common web vulnerabilities such as cross-site scripting, SQL injection and open redirect can be identified. Support for additional vulnerability categories and remediation capability will be added at later releases.

List of fixes included in Lucent Sky AVM 4

No fix was included in Lucent Sky AVM 4

Known issues of Lucent Sky AVM 4

Lucent Sky AVM Web UI does not work on Windows Server 2016

After installing Lucent Sky AVM Web UI on a server running Windows Server 2016, the Web UI does not work. An error code 0x8007000d was generated when accessing the Web UI. This issue is due to the URL Write module installed by Lucent Sky AVM Web UI does not support Windows Server 2016.

A workaround is available by manually installing the latest URL Rewrite module after installing Lucent Sky AVM Web UI. The latest URL Rewrite module can be downloaded from the IIS website.

This issue has been resolved in Lucent Sky AVM 4.0.1.