Release/

July 2025

Features
Highlights

Group-Scoped Patterns

Group-Scoped Patterns extend Aptori’s flexible testing framework by allowing teams to define and manage custom patterns at the group level, in addition to existing global patterns.

Release Notes

2025.7.1

New Features

  • Group-Scoped Patterns
    In addition to global patterns, you can now define patterns scoped to specific groups. These can be added by any member of the group, enabling more tailored and decentralized testing strategies.
  • New Type for Patterns: JSON
    Introduced a simplified JSON pattern type to replace the older OneOfJSON. The new type streamlines configuration while maintaining equivalent functionality.  The Patterns configuration in the UI accepts multiple choices for the value of a field.

Enhancements

  • UI Improvements
    Refreshed the Runs and Issues pages for a cleaner and more intuitive interface.
    • When viewing an issue, you can now click on previous detections to view evidence from specific runs.
    • The revision history clearly displays the last updated timestamp for better auditability.

Bug Fix

  • Revision Handling
    Sift now correctly uses the latest revision of an OpenAPI revision during scans.

Sift

New Features

  • New Generator: json
    Introduced the new json generator, which replaces OneOfJSON.
    • json uses the configuration property values.
    • OneOfJSON uses options.
    • Functionality is identical; naming has been standardized.
  • Template Expression Updates
    Template action strings are no longer quoted by default.
    • Use quote() for quoted JSON-escaped strings.
    • Use js() for escaping without quotes.

Enhancements

  • BrokenObjectLevelAuth Analyzer
    Now supports both multi-user and single-user attack scenarios.
    • The BrokenObjectLevelAuthSingleUser analyzer is deprecated but still supported (with a warning).
    • If both analyzers are present, only BrokenObjectLevelAuth will run.
  • PasswordExposure Analyzer
    Behavior now better conforms to the documentation:
    • Detects fields named "password" with values of 4 or more characters.
    • Detects any string that includes "password" and a likely password value.
  • EndpointExposure Analyzer
    Removed /actuator/health from the list of paths considered exposed.
  • Regex Generator
    Now uses the same random number generator as other generators when a seed is set, ensuring consistent behavior.
  • DataExposure Analyzer
    • Evaluates all response fields and reports on all matching pattern rules.
    • Findings can now include optional metadata such as title, fault ID, severity, reason, and remedy.
    • Displays warnings for unsupported rule types in pattern sets.
  • Generator Naming Standardization
    Generator names now use kebab-case (e.g., date-time, int-range, json, regex).
    • CamelCase variants (e.g., OneOfJSON) are deprecated and may be removed in future releases.

Bug Fixes

  • Template Expression Evaluation
    Template expressions in referenced TestProfile files are now correctly evaluated when specified via configuration or CLI flags.

Aptori
Aptori is the AI for the good guys—enabling security teams to reduce risk, accelerate secure releases, and ensure continuous compliance.

Aptori is the leader in autonomous application security, delivering the first deterministic AI to detect and remediate business logic vulnerabilities with precision.

The Aptori AI Security Engineer proactively identifies, prioritizes, and fixes vulnerabilities across code, APIs, applications, and cloud environments. By eliminating security backlogs and freeing engineering capacity, Aptori empowers teams to innovate faster and ship secure software at scale.
PLATFORM
Why AptoriProduct Updates
          
RESOURCES
InsightsGuidesGlossaryWhite PapersDocumentation
SOLUTIONS
AI-Driven AppSecAI Security EngineerAI Code FixApplication Security TestingAPI Security TestingAPI Risk AssessmentPrevent BOLA AttacksPCI DSS 4.0 Compliance
NEWSLETTER
Get monthly news and insights in your inbox