{"id":39727,"date":"2025-07-11T14:11:16","date_gmt":"2025-07-11T08:41:16","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=39727"},"modified":"2026-01-12T23:59:28","modified_gmt":"2026-01-12T18:29:28","slug":"summer-2026-product-updates-whats-new-at-astra-security","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/astra-product\/summer-2026-product-updates-whats-new-at-astra-security\/","title":{"rendered":"Summer 2025 Product Updates: What\u2019s New at Astra Security"},"content":{"rendered":"\n

Security teams don\u2019t need another dashboard screaming about low-priority bugs. They need to know what\u2019s important, what\u2019s already fixed, and what\u2019s still a ticking time bomb.<\/p>\n\n\n\n

That\u2019s where we\u2019re headed at Astra.<\/p>\n\n\n\n

This summer, we\u2019ve made several updates that do exactly that. Delta scans that stop pointing at the same issues. MFA protection where it actually matters. Cloud rescans that are faster and smarter. Reports that don\u2019t require a Sunday afternoon to clean up.<\/p>\n\n\n\n

Everything is designed to save time, reduce noise, and help you move quickly without breaking things.<\/p>\n\n\n\n

We\u2019re building security that works with your workflow, not against it. And this is just the start.<\/p>\n\n\n\n

Let\u2019s walk you through what\u2019s new.
<\/p>\n\n\n\n

<\/span>1. Incremental (Delta) Scanning for Web Apps and API<\/strong><\/span><\/h2>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

The Problem
<\/strong>Full scans were too slow. Lightning scans were fast but lacked depth. There was no middle ground for teams that just wanted to test what changed<\/p>\n\n\n\n

The Solution
<\/strong>We introduced Delta Scanning. Astra now detects new or modified endpoints and runs full test coverage only on those parts of your app or API.<\/p>\n\n\n\n

The Impact<\/strong><\/p>\n\n\n\n

    \n
  • Scan times are reduced up to 80%<\/li>\n\n\n\n
  • You still get the depth of a full scan where it matters<\/li>\n\n\n\n
  • Ideal for agile CI\/CD pipelines
    <\/li>\n<\/ul>\n\n\n\n

    <\/span>2. JSON Export for Vulnerability Reports<\/strong><\/span><\/h2>\n\n\n\n
    \"\"\/<\/figure>\n\n\n\n

    The Problem<\/strong>
    <\/strong>Teams wanted more than a PDF. They needed vulnerability data in a machine-readable format that could plug into their own systems, dashboards, or workflows.<\/p>\n\n\n\n

    The Solution<\/strong>
    <\/strong>You can now export vulnerability reports in JSON format directly from the Astra platform. It’s structured, clean, and ready to be used wherever you need it.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

      \n
    • You can integrate scan data into SIEM tools, ticketing systems, or internal dashboards.
      <\/li>\n\n\n\n
    • Enterprise workflows can automate triage and reporting more easily.
      <\/li>\n\n\n\n
    • Your team gets full flexibility in how vulnerability data is consumed and acted on.
      <\/li>\n<\/ul>\n\n\n\n

      <\/span>3. Unique Vulnerabilities in Pentest Reports<\/strong><\/span><\/h2>\n\n\n\n

      The Problem<\/strong>
      <\/strong>Reports were cluttered with duplicate vulnerabilities across scans. This made it harder to focus on what truly mattered and often led to wasted effort during triage.<\/p>\n\n\n\n

      The Solution<\/strong>
      <\/strong>You can now toggle \u201cShow only unique vulnerabilities\u201d when generating Full or Management reports. This filters out repetition and gives you a streamlined view of the real issues.<\/p>\n\n\n\n

      The Impact<\/strong><\/p>\n\n\n\n

        \n
      • Reports are cleaner and easier to digest.<\/li>\n\n\n\n
      • You\u2019ll see around a 20 percent reduction in report size.<\/li>\n\n\n\n
      • It becomes simpler to focus on root causes rather than repeated symptoms.
        <\/li>\n\n\n\n
      • 20% reduction in report size
        <\/li>\n\n\n\n
      • Better visibility into root issues
        <\/li>\n<\/ul>\n\n\n\n

        <\/span>4. MFA Support for Web App Scanning<\/strong><\/span><\/h2>\n\n\n\n

        The Problem<\/strong>
        <\/strong>Apps with mandatory two-factor authentication (like TOTP-based 2FA) couldn\u2019t be scanned end-to-end without manual workarounds. That meant important sections were left untested.<\/p>\n\n\n\n

        The Solution<\/strong>
        <\/strong>Astra now supports scanning of TOTP-protected web apps. You can provide MFA secrets and login recordings during setup, allowing secure and automated access throughout the scan.<\/p>\n\n\n\n

        The Impact<\/strong><\/p>\n\n\n\n

          \n
        • You get full scanning coverage for 2FA-enabled targets.
          <\/li>\n\n\n\n
        • Access is handled securely and stays under your control.
          <\/li>\n\n\n\n
        • Your team is better prepared for compliance checks and audit requirements.
          <\/li>\n<\/ul>\n\n\n\n

          <\/span>5. Findings Response Body in UI<\/strong><\/span><\/h2>\n\n\n\n

          The Problem<\/strong>
          <\/strong>ome vulnerabilities were hard to interpret without seeing the full picture. Without the actual HTTP response that triggered the issue, teams had to guess what went wrong or replicate it manually.<\/p>\n\n\n\n

          The Solution<\/strong>
          <\/strong>Each vulnerability now includes a \u201cResponse\u201d section in the UI. It shows the full response headers and body from the triggering HTTP request, giving you complete visibility right where you need it.<\/p>\n\n\n\n

          The Impact<\/strong><\/p>\n\n\n\n

            \n
          • Easier root cause analysis<\/li>\n\n\n\n
          • More transparent and informative findings<\/li>\n\n\n\n
          • Findings are clearer and more actionable.<\/li>\n\n\n\n
          • Your team can make faster decisions during triage and remediation.
            <\/li>\n<\/ul>\n\n\n\n

            <\/span>6. Support for Larger Mobile Uploads (APK\/IPA)<\/strong><\/span><\/h2>\n\n\n\n
            \"\"\/<\/figure>\n\n\n\n

            The Problem<\/strong>
            <\/strong>Uploads for mobile app files were capped at 100MB. That limit, set by a third-party tool, forced users to rely on workarounds or share files externally, not ideal for security or speed.<\/p>\n\n\n\n

            The Solution<\/strong>
            <\/strong>Users can now upload files up to 300MB directly within the platform.<\/p>\n\n\n\n

            The Impact<\/strong><\/p>\n\n\n\n

              \n
            • Seamless onboarding for mobile assets
              <\/li>\n\n\n\n
            • Elimination of upload-related friction
              <\/li>\n\n\n\n
            • Faster test setup for mobile app pentests
              <\/li>\n<\/ul>\n\n\n\n

              <\/span>7. Scanner Agency Plan for MSSPs<\/strong><\/span><\/h2>\n\n\n\n
              \"\"\/<\/figure>\n\n\n\n

              The Problem<\/strong>
              <\/strong>Agencies and MSSPs often struggled with rigid licensing. Managing scans across multiple clients meant buying a separate license for each one, even when only a few were active at a time.<\/p>\n\n\n\n

              The Solution<\/strong>
              <\/strong>The new Scanner Agency Plan solves that. You get a flexible pool of targets, for example, 5 at a time, and can rotate them across clients after a 30-day cooldown. It\u2019s built for how agencies actually work.<\/p>\n\n\n\n

              The Impact<\/strong><\/p>\n\n\n\n

                \n
              • You get cost-effective coverage across multiple clients.<\/li>\n\n\n\n
              • Target rotation gives you flexibility without extra licenses.<\/li>\n\n\n\n
              • License management becomes simpler and more predictable.
                <\/li>\n<\/ul>\n\n\n\n

                <\/span>8. Trust Center Redesign<\/strong><\/span><\/h2>\n\n\n\n

                The Problem<\/strong>
                <\/strong>The earlier Trust Center took too much manual effort to set up. Customizing it for different stakeholders was clunky, and publishing updates felt more like a chore than a win.<\/p>\n\n\n\n

                The Solution<\/strong>
                <\/strong>The new Trust Center is faster, smarter, and built for scale. You get AI-powered content suggestions, a drag-and-drop editor, and a clean layout that\u2019s ready for customers out of the box.<\/p>\n\n\n\n

                The Impact<\/strong><\/p>\n\n\n\n

                  \n
                • You can launch a trust portal in just a few minutes.<\/li>\n\n\n\n
                • Sharing your security posture with customers is now effortless.<\/li>\n\n\n\n
                • You build credibility without getting stuck in the weeds.
                  <\/li>\n<\/ul>\n\n\n\n

                  <\/span>9. Platform-Wide Improvements<\/strong><\/span><\/h2>\n\n\n\n

                  Beyond the major features, we\u2019ve implemented several quality-of-life enhancements across the platform. These are the small but mighty changes that make security work feel less like work.<\/p>\n\n\n\n

                    \n
                  • Test Connectivity Before Scan Launch<\/strong>
                    <\/strong>Now you can check if a target is reachable before starting a scan. No more surprises from misconfigured endpoints.
                    <\/li>\n\n\n\n
                  • Delta Scan Toggle for All Users<\/strong>
                    <\/strong>You can now choose between Full or Incremental scans depending on your scope and urgency. More control, less waiting.
                    <\/li>\n\n\n\n
                  • Revamped Tables<\/strong>
                    <\/strong>API, Subscription, Target, and Compliance tables have been redesigned for faster load times and better visibility.
                    <\/li>\n\n\n\n
                  • Session Duration Control<\/strong>
                    <\/strong>Authenticated session durations can now be extended up to 48 hours. Perfect for scanning apps with complex login flows.
                    <\/li>\n\n\n\n
                  • Improved Vulnerability Navigation<\/strong>
                    <\/strong>Keyboard shortcuts, bulk actions, and advanced filters make triage faster and smoother.<\/li>\n<\/ul>\n\n\n\n
                      \n
                    • More Accurate Reporting<\/strong>
                      <\/strong>Scan states, risk scores, and vulnerability data are now more consistent across the platform and in downloaded reports.
                      <\/li>\n<\/ul>\n\n\n\n

                      <\/span>What\u2019s Next at Astra: The Future Is Closer Than You Think<\/strong><\/span><\/h2>\n\n\n\n

                      What\u2019s Coming Next: The Future of AppSec at Astra<\/strong><\/p>\n\n\n\n

                      This summer, we focused on making security faster, smarter, and easier to work with. But we\u2019re just getting started.<\/p>\n\n\n\n

                      In DAST<\/strong>, we\u2019re pushing for deeper API coverage and smarter scans that adapt to your app\u2019s architecture. Threat model testing is becoming more precise with test cases tailored to the specific structure of your application. A redesigned dashboard is also on the way, built to quickly surface the right insights, allowing your team to take action faster.<\/p>\n\n\n\n

                      In API Security<\/strong>, self-serve onboarding is coming soon, so you can activate protection in minutes without waiting for manual setup. Detection for critical risks, such as broken access control, is being upgraded, and new compliance mappings are on the way, including PCI, DORA, and NIST 2. These will help you align your APIs with evolving regulations.<\/p>\n\n\n\n

                      For Pentesting and Compliance<\/strong>, we\u2019re streamlining everything from planning to reporting. Expect compliance-ready reports for SOC 2, HIPAA, and ISO 27001, along with broader vulnerability mappings, to help you close audits faster and with less friction.<\/p>\n\n\n\n

                      And then there\u2019s our AI roadmap<\/strong>. Soon, AI-powered suggestions will help developers fix issues directly inside their IDEs. AI agents will simulate complex attack paths to uncover deeper flaws. You\u2019ll also see smarter crawling, issue enrichment, and logic-aware detection to catch vulnerabilities that used to fly under the radar.<\/p>\n\n\n\n

                      At every step, the goal remains the same: to build security that fits your stack, integrates seamlessly into your workflow, and grows with you.<\/p>\n\n\n\n

                      The next version of Astra is already in motion. You\u2019ll be seeing it soon.<\/p>\n\n\n