New features and updates from Needle.sh
Receive security alerts on webhooks to build custom alert handling logic and integrate with third-party tools.
You can manage all the security headers from one place with the new security headers module. Turn headers on/off and set the header values easily.
- Security modules are now turned on by default for a new app
Protect your internal applications from being accessed by attackers with the new SSRF module. Needle.sh’s SSRF protection module blocks suspicious HTTP requests to internal addresses if they are injected as part of user input.
With Local File Inclusion (LFI), an attacker tries to steal data by tricking a web application into opening sensitive local files. Needle.sh protects against LFI attacks by blocking attempts to open sensitive file paths injected in user input.
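The kind of check the SSRF entry describes, sketched as an added Python example. This is not Needle.sh's code: the function names and sample values are assumptions made for illustration, and the sketch inspects IP literals and localhost names only, without resolving DNS.

```python
import ipaddress
from urllib.parse import urlsplit

def to_ip(host):
    """Parse an IP literal, including the bare-decimal form (2130706433 == 127.0.0.1)."""
    try:
        return ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return None  # a DNS name; not resolved in this offline sketch

def is_internal_host(host):
    """True for localhost names and loopback/private/link-local/reserved addresses."""
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    ip = to_ip(host)
    if ip is None:
        return False
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:127.0.0.1 -> 127.0.0.1
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved)

def should_block(outbound_url, user_inputs):
    """Block only when the destination is internal AND its host came from user input."""
    host = urlsplit(outbound_url).hostname
    if not host or not is_internal_host(host):
        return False
    return any(host in value.lower() for value in user_inputs)

if __name__ == "__main__":
    # Constructed samples: (URL the app is about to fetch, request parameter values)
    samples = [
        ("http://169.254.169.254/latest/meta-data/", ["http://169.254.169.254/latest/meta-data/"]),
        ("http://127.0.0.1:8080/health", ["alice"]),  # app's own internal call
        ("https://example.com/a.png", ["https://example.com/a.png"]),
    ]
    for url, inputs in samples:
        print("BLOCK" if should_block(url, inputs) else "allow", url)
```

Requiring both conditions keeps the application's own calls to internal services working while stopping the same destinations when they arrive through a request parameter.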
Get security incident alerts on your Slack channels with our Slack integration.
We have added the Content Security Policy (CSP) module to manage the policy for your web apps. CSP is a powerful header with wide browser support, but managing the policy and violations is hard.
With Needle.sh's CSP module, you can manage the CSP with our easy-to-understand interface. Set the policy in blocking or monitoring mode, manage violation reports and keep track of sources.
The Shellshock (also known as "Bashdoor") vulnerability can enable attackers to execute arbitrary commands on the underlying system hosting your web servers. Needle.sh protects your web applications by blocking requests containing payloads that could trigger this attack.
After months of working on the product and testing with early customers, we are officially out of Beta. The Needle.sh SDK provides modules for SQL injection, Cross-Site Scripting (XSS), Command Injection, security scanner protection and security headers.
The Needle.sh SDK is currently available for Python and Node.js web apps.