Highlights
Automations
Aptori Automations supercharge your security operations by embedding intelligence, context, and actionability directly into your SDLC. As new vulnerabilities are discovered, Aptori automatically triages, enriches, and routes findings—eliminating noise, accelerating remediation, and aligning results with your risk and compliance goals.
With Aptori Automations, your team can focus on what matters most, without being overwhelmed by duplicate findings or manual workflows.
Endpoint Exposure Analyzer
The Endpoint Exposure Analyzer helps secure your applications by proactively identifying exposed management, diagnostic, and debug endpoints that may have been unintentionally left accessible.
Release Notes
2025.6.1
New Features
- Automations
Automations embed intelligence into your SDLC by automatically triaging, enriching, and routing vulnerabilities. This eliminates noise, accelerates remediation, and helps teams align with their risk and compliance goals.
- EndpointExposure Analyzer
The EndpointExposure analyzer scans for exposed management, diagnostic, and debug endpoints across popular frameworks, helping developers lock down or remove unintended sensitive paths before deployment.
- Project Migration API
A new Project Migration API allows owners to move a project—along with all its assets and history—to a new group.
Enhancements
- Latest API Spec for Scans
Scans now use the most recently updated API specification by default, ensuring the latest version is always evaluated.
- Generator Uploads from Postman
You can now upload generators via Postman Collections, with support for extracting generators from multiple collection levels.
Bug Fixes
- Scan Result Comparison Fix
Fixed an issue where comparing two scan results did not display correctly in the table view.
Sift
- Added
  - --time-limit CLI Flag
    The new --time-limit flag for sift run overrides the configured run time limit.
  - allFields Analyzer Configuration
    Added allFields configuration to injection analyzers (CmdInjection, NoSqlInjection, SqlInjection, SstInjection) to attempt attacks across every field of a request.
  - EndpointExposure Analyzer
    Introduced the EndpointExposure analyzer, scanning for sensitive, exposed endpoints across frameworks to catch security risks early.
- Changed
  - Request Log Source Tracking
    Each entry in the requests log now includes a source property indicating whether it was generated by the baseline engine ("sift") or a specific analyzer (by name).