Changelog

New features and updates from Needle.sh

16 Jun 2020

Webhooks

Receive security alerts on webhooks to build custom alert handling logic and integrate with third-party tools.

Other changes

- Centralised alerts management to easily set up alerts for your web apps

24 May 2020

Combined module for security headers

You can manage all the security headers from one place with the new security headers module. Turn headers on/off and set the header values easily.

Other changes

- Security modules are now turned on by default for a new app

18 May 2020

Server Side Request Forgery (SSRF) protection

Protect your internal applications from being accessible to attackers with the new SSRF module. Needle.sh’s SSRF protection module blocks suspicious HTTP requests to internal addresses if they are injected as part of user input.

Local File Inclusion (LFI) protection

With Local File Inclusion (LFI), an attacker tries to steal data by tricking a web application into opening sensitive local files. Needle.sh protects against LFI attacks by blocking attempts to open sensitive file paths injected in user input.

30 Apr 2020

Slack integration

Get security incident alerts on your Slack channels with our Slack integration.

27 Apr 2020

Content Security Policy (CSP)

We have added the Content Security Policy (CSP) module to manage the policy for your web apps. CSP is a powerful header with wide browser support, but managing the policy and violations is hard.

With Needle.sh's CSP module, you can manage the CSP with our easy-to-understand interface. Set the policy in blocking or monitoring mode, manage violation reports and keep track of sources.

16 Apr 2020

Shellshock protection

The Shellshock (also known as "Bashdoor") vulnerability can enable attackers to execute arbitrary commands on the underlying system hosting your web servers. Needle.sh protects your web applications by blocking requests containing payloads that could trigger this attack.

06 Apr 2020

Needle.sh is out of Beta

After months of working on the product and testing with early customers, we are officially out of Beta. The Needle.sh SDK provides modules for SQL injection, Cross Site Scripting (XSS), Command Injection, Security scanner protection and security headers.

Needle.sh SDK is currently available for Python and Node.js web apps.