Lucent Sky AVM 2.5 released
June 30, 2015
Today we released Lucent Sky AVM 2.5. The focus of version 2.5 is to increase the utility of reporting to help developers and other stakeholders better navigate to the efficiency brought by application vulnerability mitigation.
- Interactive HTML reporting
Unlike most security reports that are static, Lucent Sky AVM's new HTML reporting feature is interactive, and allows users to search and filter for results in a similar way to the Web UI. Take a look at this sample report and see for yourself.
- Improved search results in Web UI
In addition to search by rules and confidence score, now you can also search by vectors and priority (more on this later). You can also combine multiple criteria to search for more specific vulnerabilities such as reflective XSS (XSS that came from web requests).
- System-wide ROI
ROI reporting will now be based on actual vulnerability and mitigation numbers from all applications the user has access to.
- Vulnerability Prioritization
Similar to "severity" in most security reports, "priority" indicates how urgent you should resolve this vulnerability. A vulnerability with priority 1 is easily exploited and can have high impact. We chose "priority" rather than "severity" because all vulnerabilities found by Lucent Sky AVM are potentially severe, and the time to remediation should be a priority. Users can only customize how Lucent Sky AVM determine the priority of a specific vulnerability by changing the criteria at their discretion.
- UI enhancements
- Additional information of scan error code, including possible solutions and relevant KB articles
- Localization for HTML report
- Customization of how vulnerability source code and Instant Fixes are displayed
- Under the hood
Improvements in dataflow analysis engines and other framework compatibility improvements.
Users of cloud-based Lucent Sky AVM Servers and Lucent Sky AVM On-Demand should see their servers be updated to version 2.5 in the coming days. For users running on-premise Lucent Sky AVM Servers, our support team will schedule an update with you shortly.