Wow, the topic of the month was clearly the General Data Protection Regulation (GDPR) of the European Union. This post is not meant to be another one about it, although some commits were also related to updates of some terms.
What else happened so far:
- New features for Nimbusec Website Security Monitor
- New features for Nimbusec Discovery
Nimbusec Website Security Monitor News
Our API docs are now hosted on SwaggerHub. Using the OpenAPI Specification (OAS), it is possible to upload an API description that is documented in a standardized way. Not only are the API docs nicely readable for developers through SwaggerHub's portal; because of the standard, it may also be possible to generate an API client automatically from this documentation for the language of choice.
Of course, we use the current version 3.0 of the standard for our documentation.
Find our APIs now here: https://app.swaggerhub.com/search?query=%20nimbusec-apis
Agent Updates (v14)
That is a huge one. A few times a year we update one of the very first pieces of software we wrote for our customers: the so-called Nimbusec Server Agent. It is used to scan through source code on web servers and detect web shells, which cannot be seen from the outside.
The best part is that we neither need to interfere with the website's traffic, nor trigger the agent from the outside, nor expose any client data.
An update means we improved things, and this one is surely one of the biggest updates since the beginning. The agent learned a new way to interpret source code. For that we also needed a new model, which is trained via machine learning algorithms. We also learned how to use multiple models at the same time, depending on the capabilities of the agent.
And of course, we had to re-learn and re-evaluate our training set of a few million files a few hundred times.
As a result, the agent in version 14 can now detect more kinds of web shells, because our service can analyze the agent's data more accurately.
But the roadmap goes further, and another, as yet top secret, feature is on its way.
This is no excuse not to install the current version of the agent, because it is really simple to do so: just switch the binary.
Crypto Mining v2
Earlier this year we already introduced detection of crypto miners on websites. Now we introduce the second big iteration (v2).
We not only constantly increased our signature database, but also extended our detection algorithm. We can now also analyze the traffic of a web socket, with just the one visit we make as usual.
Why is this important? Web sockets reveal whether a crypto miner is actually actively mining or not. And we think it is not a good idea for mining to start before the visitor has given consent.
Great, and … well, there is nothing to do for our customers here, as this new feature is implemented without any further configuration. The worst that can happen is that we find more crypto miners injected into your websites.
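To illustrate why web socket traffic separates "miner present" from "miner actively mining", here is an added example that is not Nimbusec's code. It assumes message fields from publicly documented browser-miner protocols (Coinhive-style `type`, Stratum-style `method`), uses the conservative rule that only a submitted share counts as active mining, and runs on a constructed capture with hypothetical hosts.

```javascript
// Added example: field names follow publicly documented browser-miner
// protocols and are assumptions, not Nimbusec's signatures.
const KINDS = new Map([['auth', 'login'], ['login', 'login'], ['job', 'job'], ['submit', 'submit']]);

// Map one text frame to 'login' | 'job' | 'submit' | null.
function classifyFrame(data) {
  if (typeof data !== 'string') return null; // binary frames are out of scope here
  let msg;
  try { msg = JSON.parse(data); } catch { return null; }
  if (msg === null || typeof msg !== 'object') return null;
  const key = msg.type ?? msg.method;
  if (KINDS.has(key)) return KINDS.get(key);
  // Stratum-style login replies carry the first job inside "result".
  return msg.result && typeof msg.result === 'object' && msg.result.job ? 'job' : null;
}

// frames: [{ t, dir: 'sent'|'recv', url, data }], t in ms since page load.
// consentAt: ms at which the visitor gave consent, or null if never.
function assessVisit(frames, consentAt = null) {
  const sockets = new Map();
  for (const f of frames) {
    const kind = classifyFrame(f.data);
    if (!kind) continue;
    const s = sockets.get(f.url) ?? { url: f.url, state: 'connected', firstSubmitAt: null };
    // Only a share sent by the page shows that hashing is actually running.
    if (kind === 'submit' && f.dir === 'sent' && s.firstSubmitAt === null) {
      s.state = 'mining';
      s.firstSubmitAt = f.t;
    }
    sockets.set(f.url, s);
  }
  return [...sockets.values()].map((s) => ({
    ...s,
    beforeConsent: s.state === 'mining' &&
      (consentAt === null || s.firstSubmitAt < consentAt),
  }));
}

// Constructed sample capture from one page visit (not real traffic).
const SAMPLE = [
  { t: 120, dir: 'sent', url: 'wss://pool.example/ws', data: '{"type":"auth","params":{"site_key":"PLACEHOLDER"}}' },
  { t: 180, dir: 'recv', url: 'wss://pool.example/ws', data: '{"type":"job","params":{"job_id":"1"}}' },
  { t: 4200, dir: 'sent', url: 'wss://pool.example/ws', data: '{"type":"submit","params":{"job_id":"1"}}' },
  { t: 300, dir: 'recv', url: 'wss://chat.example/ws', data: '{"type":"hello"}' },
];
```

`assessVisit(SAMPLE)` reports one socket in state `mining` with `beforeConsent` set; the unrelated chat socket is ignored because none of its frames match a miner message.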
Nimbusec Discovery News
Besides the usual stability and performance fixes, we also improved a little here since the last time (posted in Feature February).
The Alexa rank is a good metric for how important a website is to the public. Unfortunately the API changed without further notice, so we had to move fast on this one (meaning: the feature is already live, and only now do we talk about it).
For the period of a weekend we didn't collect Alexa ranks for our discoveries. Lucky us, we do not usually generate discovery reports on weekends. Now we have a new method to collect the information we need, and it is more stable than before, as we "cache" the results for some time, just in case the service crashes again.
Search Engines API
The APIs of the search engines also change from time to time. This time we were notified in advance, so there was plenty of time to do a makeover as intended, without hassle.
As a consequence the search results get better and better, and our queries are rising too. Both things are good signs. Thank you.
Crypto Mining v2
What happens for Nimbusec Website Security Monitor mostly also happens for Discovery. The new detection algorithms run for Discovery as well.
The story here is a bit mixed up. Initially we implemented crypto mining detection for Discovery only. But it worked out so well that we quietly introduced it for our Website Security Monitor too. Afterwards we improved the detection and displayed the new data first in Website Security Monitor, and now, shortly after, in Discovery as well.
Autonomous System Number (ASN)
For the web admins, IT staff and all those who know what ASN means – we now track this information as well in Discovery.
**Why?** Because it tells us on which networks domains are accessible and therefore where they reside.
**Where's the feature?** It is in the background for now. The only thing you see is that we collect the IP addresses of the web servers of domains. This information is shown. In the background we also know the ASN. This information is not shown, but can be exported if needed.
We are still in the design phase, working out where it makes most sense to show this information.
That's it for the GDPR May. Hope you liked this roundup.