November 2021 Updates 🎉🎉


Hello there,

A few updates from Traceable: we have been working away at introducing new features and improvements based on our customer asks. Thank you for supporting us and providing candid feedback. Keep it coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features, and they can be found here

🎉Risk Scoring Customization ANNOUNCEMENT 

  • In this release, we are making risk customizable on a customer-by-customer basis. Each of the contributing factors in Likelihood and Impact is explicitly listed, including the metrics that are assessed to evaluate the factor. The contribution of each factor to the overall API Endpoint Risk score, as well as the lookup table that maps the numeric score to the stated risk level, are customizable as well. API Endpoint granularity for risk can be achieved by labelling the API Endpoints as Critical, Sentry or other.

🎉Cookie parsing IMPROVEMENT 

  • In this release, we add parsing of each cookie into a key-value pair, in addition to the previously available parsing of the API Endpoint query, headers and body for requests and responses.

🎉New Custom Rules IMPROVEMENT 

  • IP range blocking rules can now be configured more easily. Two additional options are ‘Never block’ and ‘Block all except’. This helps exclude internal IPs and pentesters from being blocked and simplifies the workflows.
  • Geo-location blocking is now available. Customers can specify the regions that should not be allowed to use the protected applications. This blocking can be configured by explicitly listing disallowed regions or by exception.

🎉Self Pay Option ANNOUNCEMENT

  • Team trial or free tier users can upgrade to Team tier 
  • Monthly and Annual plans available
  • Increase/Decrease endpoints and calls over time based on antiquated usage.

🎉RBAC Update with Security Analyst Role IMPROVEMENT

  • Security Analysts look for security events and threats in APIs and applications. They are typically part of Security Operations Centre (SOC) teams or product security teams and need to be aware of any security events as soon as they occur.
  • The Security Analyst role has been added to complement the Account Owner, Security Admin and Developer roles already present in Traceable.

🎉More options for data collection ANNOUNCEMENT

  • We’ve extended the breadth of data collection by adding support for mirroring in AWS. This is an agentless solution that mirrors traffic from supported AWS targets. More details are available here
  • The newly released Python tracing agent supports auto-instrumentation and blocking. Data can be collected from Python applications without changing source code.

🎉UserID based BOLA IMPROVEMENT

  • An additional type of authorization bypass is now detected based on a mismatch in the UserIDs. This is another example of a session-based anomaly, which can only be detected by context-aware solutions like Traceable, but not by legacy WAFs.