Sun Tzu once said, “If you know the enemy and know yourself, your victory will not stand in doubt.” Yet, despite global cybersecurity investment crossing $188 billion and 93% of companies feeling cyber-secure, data breaches in the US alone were up by 78% in 2023.
Moreover, with a 71% YOY increase in cyberattacks that use compromised credentials, clearly, Tzu’s wisdom is escaping many a boardroom. Thus, the question isn’t how businesses can secure themselves but how to invest limited resources to build more effective security models.
Simply put, securing your business online starts with building a strong foundation. However, to truly adopt a security-first approach around the year, businesses must replace traditional pentests with continuous scans through a dedicated PTaaS platform.
As such, Astra’s dashboard exemplifies this, running 9300+ tests and compliance checks while simplifying automation, tracking, and end-to-end vulnerability management for businesses across multiple industries, continents, and digital assets.
It seamlessly integrates modern engineering methodologies, real-time reporting, and agile pentesting models. However, a feature is only as powerful and efficient as it is accessible. As such, this Spring, our updates focused on efficacy and accessibility.
Our new API Spec file uploads help strengthen your security while the new cache streamlines navigation. Moreover, now you can easily spot canceled scans, view progress updates, and pinpoint scan start times, simplifying tracking and data accessibility.
Ready to dive deeper? Let’s go!
1. Upload API Spec Files for Web Assets
What does it do?
Traditional scanners rely on web crawling to discover and test your APIs. Such surface-level scans lead to missed vulnerabilities and potential blind spots. Now, you can go deeper with Astra.
You can now directly upload your API specifications (in JSON/YAML format) to the Astra Dashboard. This spec file acts as a blueprint, providing us with a roadmap to your comprehensive API surface, significantly enhancing the quality of your vulnerability scans.
As an existing user, you can level up your API security with 3 simple steps:
1. Go to Target->Settings->Configure Scanner->Subdomains & APIs
2. Enter the base URL of your API
3. Upload your OpenAPI spec file (JSON/YAML)
P.S. This is just an additional feature to avoid missing any open ports; our scanner will still aggressively scan and test your APIs’ security posture, including any open ports and endpoints!
Why did we build this?
Black Box API scanning relies on automated discovery techniques, leading to longer testing timelines as well as limited scope. By providing a spec file, you help our vulnerability scanner and security experts conduct a more in-depth grey-box penetration test.
Not only does the above help us better understand the data structures and parameters in your web application’s source code, but it also helps our scanner run more targeted tests.
How does it help you?
1. Enhanced Scan Depth and Precision: In addition to ensuring a more comprehensive scan, spec files and structural understanding help us craft more targeted tests that exploit potential vulnerabilities to provide better API security.
2. Proactive Approach: Proactively test APIs beyond those directly invoked by the front end. This identifies potential issues early on, fortifying your overall security posture.
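The gap between crawl-based discovery and a spec-driven inventory, as an added example (not Astra's code): the Python below lists every operation an OpenAPI document declares and reports the ones a crawl never reached. The spec, the crawl list, and all function names are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample OpenAPI 3 document (not a real API).
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Example Orders API", "version": "1.0.0"},
  "paths": {
    "/orders": {"get": {}, "post": {}},
    "/orders/{orderId}": {
      "parameters": [{"name": "orderId", "in": "path"}],
      "get": {}, "delete": {}
    },
    "/admin/export": {"post": {}}
  }
}
""")

# Constructed crawl result: requests a front-end crawl happened to observe.
SAMPLE_CRAWLED = [("GET", "/orders"), ("POST", "/orders"), ("GET", "/orders/1042")]

def spec_operations(spec):
    """Return every (METHOD, path template) the spec declares."""
    ops = set()
    for path, item in spec.get("paths", {}).items():
        for key in item:
            if key.lower() in HTTP_METHODS:  # skip 'parameters', 'summary', etc.
                ops.add((key.upper(), path))
    return ops

def matches(template, concrete):
    """True if a concrete path fits a template such as /orders/{orderId}."""
    t, c = template.strip("/").split("/"), concrete.strip("/").split("/")
    return len(t) == len(c) and all(
        a == b or (a.startswith("{") and a.endswith("}")) for a, b in zip(t, c)
    )

def crawl_blind_spots(spec, crawled):
    """Spec operations no crawled request exercised, sorted for stable output."""
    return sorted(
        (m, p) for m, p in spec_operations(spec)
        if not any(m == cm.upper() and matches(p, cp) for cm, cp in crawled)
    )

if __name__ == "__main__":
    print(crawl_blind_spots(SAMPLE_SPEC, SAMPLE_CRAWLED))
```

Operations that appear in this diff are the ones a crawl-only scan would not have tested, which makes it a quick way to check that a spec file is complete before uploading it.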
2. Leverage the Lightning-Fast Dashboard and Website
What does it do?
With a smarter cache and some backend tweaks, we’ve optimized our dashboard and website for lightning-fast navigation. Switch seamlessly between scans and reports on the Astra dashboard, or maneuver between blogs and features on the website!
Why did we build this?
To ensure a smoother user experience and give your productivity a well-intended boost with seamless navigation, we have enhanced our code and enabled optimized storage, loading speed, and overall performance with a pro-max cache.
How does it help you?
1. Faster Loading: The optimized code helps eliminate delays, allowing you to jump right into your tasks.
2. Effortless Navigation: A faster website and dashboard ensure a smoother navigation experience and allow you to focus on your workflow without interruptions.
3. Spot Canceled Scans Instantly
What does it do?
We’ve revamped the Astra Dashboard to help you identify and highlight canceled scans in seconds. The new “Canceled” label instantly flags scans that stopped while they were running. Moreover, the progress bar for such a scan will also show “0%” to avoid confusion.
As such, the tag allows for more accurate reporting and speeds up any reconfiguration (if needed) and rescheduling.
Why did we build this?
Data should never be a guessing game. However, hunting down canceled scans and double-checking progress reports can definitely make efficiency tricky. The new “Canceled” label cuts through the confusion by instantly highlighting any scans that stopped mid-scan.
As such, it helps improve transparency while equipping you with more actionable information to make informed decisions.
How does it help you?
1. Improves Data Accuracy: Clear labeling of canceled scans helps avoid confusion with in-progress or completed scans while providing an accurate and complete picture of all data.
2. Reduce Resource Wastage: Instantly highlighting canceled scans can help you quickly identify the issue and avoid wasting resources troubleshooting non-existent data.
3. Improve Workflow Efficiency: Quickly identifying canceled scans allows you to reschedule them promptly, maintaining a smooth workflow and ensuring your data collection stays on track.
4. Simplify Target Tracking
What does it do?
We have simplified tracking and navigating across targets. Here’s what’s new:
- Quick Access to Target Details: The new hover-over feature saves time and clicks! Simply hover over a target’s name, and a tooltip will instantly display the target’s URL.
- Customize Your View: Take control of your Targets page with the new sorting option! You can now sort targets alphabetically or by recency and paginate as per your needs, ranging from 15 to 100 results per page.
Why did we build this?
With multiple targets and scans, efficiency and clarity are non-negotiable for quality decision-making. The new sorting and pagination configurations let you instantly organize your targets to optimize your workflow.
Need a quick overview? Choose a more extensive view with more targets per page. Want to dive deep into a specific group? Opt for a smaller, more detailed view.
How does it help you?
1. Reduce Cognitive Load: Sorting and pagination help you organize your targets in a clear and easy-to-understand way, thus reducing your cognitive load and improving focus.
2. Enhanced Workflow: They help you quickly find the necessary information and take action without wasting time navigating a cluttered page.
5. Pinpoint When A Scan Starts
What does it do?
Forget timestamp hunting! Just hover over a scan name in the Astra Dashboard to see its exact start time. This instant access keeps you on top of your scan schedule and timeline, making efficient planning much simpler and more accessible.
Why did we build this?
Knowing the exact start time of a scan is crucial for effective planning and vulnerability management. Our new hover-to-view timestamps eliminate the guesswork, especially with scheduled scans.
Now, with a simple move of the cursor, you can verify timelines in a flash, ensuring your scans are running smoothly and your workflow stays optimized.
How does it help you?
1. Enhanced Workflow Management: Knowing the precise start time allows you to easily track the progress of scheduled scans to identify and mitigate any potential delays, ensuring tasks are completed on time.
2. Improve Historical Analysis: Instant access to timestamps allows you to conduct trend analysis, vulnerability tracking, and security strategy validation in a historical context.
6. Leverage Weighted Scan Progress
What does it do?
We have reprogrammed our progress percentages to reflect the depth of your security assessment. Simply put, as more vulnerabilities are identified and documented, the progress percentage also increases.
As such, the new scan progress algorithm factors in the number of reported vulnerabilities through automated and AI test cases in the reflected progress to provide a more holistic picture of the assessment’s status.
Why did we build this?
The Astra Pentest goes beyond just ticking boxes. It focuses on uncovering vulnerabilities and identifying potential risks. By factoring in the number of CVEs discovered during the audit, our new weighted scan progress aims to reflect the same in our results.
How does it help you?
By factoring discovered vulnerabilities (CVEs) into the scan progress, Astra provides a more nuanced picture of your security posture with a deeper insight into the headway the scan has made with tangible results.
Final Thoughts
The cyber warfare landscape is relentless, constantly innovating new threats. To stay ahead, our security tools must do the same.
This Spring at Astra, we focused on one core principle: empower you. Through automation, clear communication, and transparent access to data, we’ve streamlined your security experience.
But we’re not stopping there. A complete dashboard overhaul is underway, bringing intuitive navigation, sleek visuals, and – most importantly – even more comprehensive security features. Stay tuned and stay secure!