August 2025

Features
Highlights

Aptori Proxy

Aptori Proxy enables secure, controlled testing of public deployments from inside your private network, ensuring centralized control, full visibility, and unified reporting.

Release Notes

25.8.1

New Features

  • User-Configurable Endpoint Exposure Rules
    In the Admin Portal under Sift Tool Settings, administrators can now define a list of sensitive endpoints to check for. This is a global setting and is automatically applied to all Sift instances across the enterprise.
  • Aptori Proxy Configuration
    Organizations can now configure the Proxy URL in the Admin Portal for use by all Sift scans.
    • Additionally, under Key Settings, administrators can download the public key file (JWKS) required for configuring the Aptori Proxy.
  • Reports
    • User Report: Lists all users, including signup date and last login date.
    • Invites Report: Lists users who have been invited but have not yet joined the system.

Enhancements

  • All Issues Page for an Asset
    The All Issues page now includes both a table view and the existing resource view.
    • Issue links have been fixed to correctly map to their respective issue details.
  • Project Table Enhancements
    The Projects table now displays risk metrics from the latest run, offering improved visibility into current risk posture.

SDK Enhancements
No SDK enhancements in this release.

Bug Fixes

  • Invites
    • Email addresses are now treated as case-insensitive during invite processing.
    • The selected group is now correctly displayed when sending an invitation.

Sift Version 25.8.1

New Features

  • Proxy Support
    Sift can now optionally send requests through a proxy.
    • Use the configuration property .testProfile.useProxy or the CLI flag --use-proxy.
    • Proxy configuration is managed in the Platform Admin UI.
    • Only requests with an HTTPS scheme are sent through the proxy.
  • Log Full Requests
    Added CLI flag --log-requests-full to log requests without redacting authorization credentials, useful for advanced debugging.

Enhancements

  • Configurable EndpointExposure Rules
    The EndpointExposure analyzer now uses rules retrieved from the Tool Settings in the Platform.
    • This allows organizations to override the default rules used to detect exposed endpoints.
  • Sensitive Credential Redaction in Logs
    The existing --log-requests flag now redacts sensitive authorization credentials when logging requests.
    • To retain the previous behavior, use the new --log-requests-full flag.

Aptori Proxy Version 25.8.1

New Features

  • Authenticated HTTP CONNECT
    Aptori Proxy now supports authenticated HTTP CONNECT requests to target applications.
  • Token Replay Protection
    Access tokens are now restricted to single-use, preventing replay attacks.
  • JWKS Support for Token Validation
    Token validation uses public keys from a JWKS file, which must be provided via the --jwks CLI flag.
  • TLS Configuration
    Supply the TLS certificate and private key using the CLI flags --cert and --key.
  • Default Port Configuration
    The default port is 8443, but can be customized using the --port flag.