PHP agent v0.11 and daemon v0.9 (beta)

This version aims to improve both the performance and adding support for whitelist feature.

Agent changelog:

  • Global performance improvement
  • Send parsed parameters to the daemon
  • Performance improvement on PHP processes creation

Daemon changelog:

  • Support record of PHP traceback
  • Global performance improvement

Python agent 1.5.2 released

This minor release improves the overall stability and performances of the Python agent.

Changelog

  • Bugfix: prevent a possible clash between vendored libraries and user-installed ones.
  • Improved CLI parsing.
  • Minor performance improvements.

NodeJS agent 1.10.0 and 1.10.1 released

Setup troubleshooting helper

To help you troubleshoot your setup, the agent will inform you that it hasn't been required first and list all the modules required before. Please note that NodeJS core modules are not detected thus won't be listed.

Other improvements

  • CRS patterns min_length control, improving the overall performances.
  • Requests are cleaned at response time (memory footprint improvement).
  • Reduce the usqge of setImmediates (memory footprint improvement).
  • Hook detection uses hasOwnProperty.

We highly recommend you to update the Sqreen modules in your application as soon as possible in order to benefit from the best level of protection.

Latest improvements

Performance improvements

Lots of performance improvement were introduced in the last couple of weeks. You should experience a nice speed bump on both the agents and the dashboard.

New pulse: Detecting attackers early in one single pulse

Now Sqreen sends a pulse when we detect a suspicious user. We only alert you when the risk is high, for example when they:

  • break your app repeatedly, in an attempt to find bugs
  • scan your app for known vulnerabilities
  • actually launched an attack on your app

This new functionality for detect suspicious users is in addition to Sqreen’s ability to detect and prevent attacks, of course.

Lots of smaller UI improvements

During the last couple of weeks, we also introduced several UI improvements:

  • Improved security event details and security events list
  • User agents are now "humanized"
  • Lower priority events are now aggregated on the user view

PHP in Public Beta Support 🐘

Sqreen released its PHP support in public beta. Give it a try if you have a PHP app running! Learn how to get started with PHP.

Whitelisting/Blacklisting improvement

Whitelisting/Blacklisting have been improved in Sqreen.

Whitelisted IP/Path will not be covered by the protection (admin interface, internal demo apps, etc.)

This feature requires an agent update.

Sqreen now available on Heroku

Sqreen is now on the Heroku Marketplace! You can now protect your Heroku applications in just a few commands.

How to get started with Sqreen on Heroku?

  1. Log in to your account

  2. Head over to the Sqreen Add-on page and click on “Install Sqreen”

  3. Select the app to install Sqreen on the interface

  4. Select your plan (Sqreen is currently Free in Beta)

  5. Follow the instructions on the documentation page to install the Sqreen agent in your app

  6. Click on the Sqreen Add-on to check your Dashboard and see the threats that Sqreen identified and blocked

Content Security Policy made easy

Sqreen now supports automated Content Security Policy.

You can now add a Content Security Policy (CSP) in your web application in just one click.

  • New directives are suggested and you are able to update the policy directly from the user interface.
  • You are notified whenever peaks of violations are triggered by assets which are not part of your policy. You can then add new assets from the user interface.

Sqreen now supports teams!

Teams can now work together to protect apps! 🎉 You can invite team mates directly from your dashboard and work together on your application security.

Sqreen API section

You can now get your API key directly from your Sqreen dashboard. Documentation is available here. Feel free to ping us if you need anything!

New Developer plan (Free)

We just introduced our free developer plan which allows free use of our APIs. You just need to create a new "API Sandbox" app, and you'll be all set!

No published changelogs yet.

Surely Sqreen will start publishing changelogs very soon.

Check out our other public changelogs: Buffer, Mention, Respond by Buffer, JSFiddle, Olark, Droplr, Piwik Pro, Prott, Ustream, ViralSweep, StartupThreads, Userlike, Unixstickers, Survicate, Envoy, Gmelius, CodeTree