May
NG Production Release Update - APIsec_cloud_7.5.1.0 ( May 05, 2026 )
This release improves integration, visibility, and usability across the platform. Key updates include in-product CI/CD script generation, scan source tracking for better auditability, and redesigned Team Management and Applications pages for more efficient access and prioritization. The Guided Actions panel helps users quickly understand application health and take targeted actions such as configuring authentication, improving coverage, and addressing findings, while TLS version detection enhances security by identifying outdated configurations.
SSL/TLS Version Detection
APIsec now detects deprecated TLS versions (TLS 1.0 and 1.1) and reports them with supporting evidence, including the negotiated cipher suite. This applies to both cloud and hosted agent scans.
Why this matters
- Identifies outdated and insecure configurations
- Helps enforce modern security standards
- Improves visibility into transport-layer risks
Parameter Hydration — Custom Authentication Support and Reliability
The parameter hydration agent now supports applications with custom authentication and includes additional resiliency for applications using static API keys. This ensures parameters are discovered and processed reliably without failures across different authentication setups.
Why this matters
- Enables consistent parameter discovery for APIs using custom authentication and API keys
- Reduces hydration failures, improving overall scan coverage
- Improves reliability and performance for large and complex applications
CI/CD Integration — Script Generation in the UI
You can now generate CI/CD pipeline scripts directly from the Application page. Select your pipeline type (GitHub Actions, GitLab CI, Jenkins) and copy a ready-to-use script with pre-filled Application and Instance IDs. CI/CD setup instructions are also available from the Integrations page.
Why this matters
- Simplifies pipeline integration setup
- Eliminates manual configuration errors
- Speeds up CI/CD onboarding
Scan Source Tracking
Scan History now shows how each scan was triggered (Manual, Scheduled, or CI/CD).
Why this matters
- Improves the auditability of scan activity
- Distinguishes automated vs manual scans
- Helps track CI/CD-driven testing
Guided Actions Panel
A new Guided Actions panel provides a health score, real-time status indicators, and contextual recommendations based on the application's current state. Users can quickly identify issues across authentication, configuration, coverage, and findings, and navigate directly to the relevant areas.
Why this matters
- Highlights what needs attention across key areas in one place
- Provides actionable recommendations based on the current state
- Reduces time spent navigating and diagnosing issues
Applications Home Page Redesign
The Applications page now includes risk scoring, advanced filtering, and improved visibility into application status.
Why this matters
- Quickly identify high-risk or untested applications
- Simplify filtering and prioritization
- Improve visibility into team ownership and risk
New Team Management Experience
Team Management has been redesigned into a unified workspace with improved usability and performance.
Why this matters
- Simplifies management of teams, users, and business units
- Reduces navigation overhead
- Improves responsiveness and usability
Team Management — Application Assignment
You can now assign and manage applications directly within the Team Management view.
Why this matters
- Eliminates the need to navigate to individual applications
- Centralizes access management
- Speeds up onboarding and team configuration
Quick Start Authentication (Paste Token)
You can now run scans by pasting a bearer token directly into the configuration—no setup required.
Why this matters
- Speeds up onboarding for secured APIs
- Reduces configuration effort
- Enables quick validation workflows
Register Applications Using Burp Proxy XML
We have extended non-OAS onboarding to support Burp Proxy XML exports. You can now register applications using traffic captured in Burp, enabling onboarding when API specifications aren't available. APIsec parses the Burp XML, converts it into an OpenAPI Specification (OAS), and extracts the environment base URL during registration. You can review and update the base URL before completing setup. Once registered, the generated OAS is available for download, allowing you to refine or extend it and reload the updated specification as needed.
Why this matters
- Expands onboarding support for APIs without existing specifications
- Leverages Burp captures to quickly bring APIs into testing
- Reduces dependency on formal API documentation
- Provides flexibility to refine and reuse the generated API specification