With our January release we are changing the way applications are detected on websites. This will lead to some new "old" alerts.
Our analysis bot tries its best to get the most accurate application and version information out of your website without producing more requests than necessary (and that is exactly one!). We also try to give you the most accurate information possible when an alert occurs.
Our current analysis did not take redirects into account and therefore produced alerts that may have been incorrect, because the URL shown in the alert did not necessarily match the URL where the application was found. It was also possible that we did not create an alert for a CMS if it was found on the target address of a redirect.
The solution is quite simple: besides the origin URL, which was the starting point of a scan, we also analyse the redirect target of that URL.
To keep future alerts from being confusing, we thought of an easy way to show the correct URL in the alert message when an alert occurs.
In the alert, the URL is now trimmed to SCHEME + HOSTNAME.
www.somewebs.it --REDIRECTS--> www.anothers.it/e/landingpage
The new alert now shows the redirection target, for example:
This is a common example, where an outdated PHP version is found on the redirecting server (www.somewebs.it), but the PHP version on the target (www.anothers.it) is okay.
On the other hand, the redirect target has an outdated CMS installed, which is also notable.
Our old alerts showed both findings, but with just the origin URL, which was misleading in this case and led to some confusion.
This update will be released in calendar week 2 (KW2), 2021.
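The attribution described above can be sketched as follows. This is an added example, not the product's own code: the hop records, finding strings, function names and the URL schemes are constructed assumptions, and it generalizes the single redirect in the text to a chain of redirects.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def trim(url):
    """Reduce a URL to SCHEME + HOSTNAME (assumption: path, query and port are dropped)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}"


def old_alerts(origin_url, hops):
    """Previous behaviour: every finding is reported against the origin URL."""
    return [(origin_url, f) for hop in hops for f in hop["findings"]]


def new_alerts(origin_url, hops):
    """Attribute each finding to the host whose response produced it."""
    alerts, current = [], origin_url
    for hop in hops:
        for finding in hop["findings"]:
            alert = (trim(current), finding)
            if alert not in alerts:           # a host can appear twice in a chain
                alerts.append(alert)
        location = hop.get("location")
        if hop["status"] not in REDIRECT_STATUSES or not location:
            break                             # final response reached
        current = urljoin(current, location)  # Location header may be relative
    return alerts


# Constructed sample mirroring the example in the text (schemes are assumed).
SAMPLE_ORIGIN = "http://www.somewebs.it/"
SAMPLE_HOPS = [
    {"status": 301, "location": "https://www.anothers.it/e/landingpage",
     "findings": ["outdated PHP"]},
    {"status": 200, "location": None, "findings": ["outdated CMS"]},
]

if __name__ == "__main__":
    for url, finding in new_alerts(SAMPLE_ORIGIN, SAMPLE_HOPS):
        print(f"{url}: {finding}")
```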