Resources

Purplemet Cloud 1.28.0 New Features

,

October 13, 2025

|

min read

Updates and new features

Purplemet Cloud 1.28.0 is now available! This new version features several updates and enhancements compared to the previous version, as described hereafter.

DKIM Selectors Configuration

It is now possible for users to provide a list of selectors to use when discovering DNS records related to the DKIM policy and to provide the list of available public keys. The selectors can be specified in a new DKIM – DomainKeys Identified Mail section when editing a domain.

The DKIM section on a domain’s detail page includes a new DKIM – DomainKeys Identified Mail subsection indicating whether the provided selectors made it possible to detect a valid DNS record for the DKIM policy.

Note: You must run a new discovery to test any selector newly entered by a user.

Strengthening Authentication Mechanisms per User Account

It is now possible to define, for each user account, the authentication methods that are allowed, taking precedence over the settings applied at the subscription level. This change notably allows you to create backup accounts when setting up SSO: while all users must log in through SSO, one or more accounts can be configured to continue using username and password access.

Subscription administrators can now define, directly at the user account level, the allowed authentication methods:

  • For username/password authentication, this method can be allowed or denied for the account, independently of the subscription-level option.
  • For SSO authentication, the account can be denied this method if SSO is enabled at the subscription level.

The subscription page now includes additional information for subscription administrators about the use of various authentication methods.

Whois Analysis and Correlation with RDAP Data

Purplemet now retrieves domain information via Whois and consolidates it with information already retrieved via RDAP, to present it to users. The domain page has been updated to include consolidated WHOIS and RDAP information:

  • A new Registry section shows the domain’s Registry Domain ID
  • A new WHOIS Information section shows the WHOIS server and the WHOIS data collected from that server
  • The RDAP Information section adopts the new format of the WHOIS section to present the RDAP data collected from the RDAP server

New columns indicate whether WHOIS and RDAP information could be retrieved for each domain.

Detection & Analysis of Domains’ BIMI Policy

BIMI is a protocol that allows companies to display their brand logo next to their authenticated emails in the recipient’s inbox (for example on Gmail, Yahoo Mail, or Apple Mail). It helps strengthen trust between sender and recipient while boosting brand image. Purplemet now lets users monitor the implementation of a BIMI policy across all their domains by adding a new BIMI column indicating whether the policy has been implemented and whether errors or suggestions are available.

The domain detail page also provides more information about the implementation of this policy in a new BIMI – Brand Indicators for Message Identification section, explaining the purpose of the mechanism, the standards governing it, and the DNS records configured for this policy.

Note: This feature requires launching a new “Domain discovery” on the domain.

Certificates – Providing the Certificate in PEM Format

When analyzing a web application, Purplemet now collects the PEM contents of the web application’s certificate and its entire certificate chain. Users can view these contents from the certificate detail page and download them.

A new PEM Contents section is available for each certificate shown in the Chain tab of a certificate’s detail page.

A new Download PEM action has been added to the certificate detail page to let users download the certificate and the entire certificate chain in PEM format.

Viewing Certificate Extensions

The Certificate Chain tab of a certificate detail page has been redesigned to provide the full set of information for the certificates in the chain, notably the X.509 extensions included in these certificates, giving a complete view of the configuration used when the certificate was created.

In-Depth Certificate Review

The Details tab of a certificate’s detail page has been overhauled to provide a global view of the certificate and identified issues. This review is organized around:

  • The identity of the certificate owner and the subdomain names included in the certificate
  • The certificate authority that issued and signed the certificate, verifying that the certificate is not self-signed
  • The certificate’s validity dates, to check whether the certificate is active and not expired
  • The revocation status of the certificate, providing ways to verify this status
  • The security level allowed by the encryption and signing algorithms used by the certificate and its associated key pair
  • The types of use allowed by this certificate, and the actual use of this certificate in your web applications.

This review comes with new widgets on the certificates dashboard:

  • Last Certificates with Issues shows the latest certificates collected during analyses that present configuration problems
  • Validation Type provides the distribution of certificates by the validation type used by the certificate authority to verify the certificate owner

Revocation Checking of the Certification Chain

Analyses now verify whether the certificate used by the web application is revoked, as well as all certificates in the certification chain. The tab has a new format, including a Revocation Status section where the user can find information related to revocation status checks. It shows the revocation lists and/or OCSP services used for verification, the date of the last check, and of course the application’s revocation status as of the last analysis.

The Certificates in Activity widget now includes revoked certificates, identified with a Revoked status.

A new Last Revoked Certificates widget has also been added to list the most recently revoked certificates.

Additional Updates

  • The API documentation now includes all the methods available to users for managing certificates.
  • The API documentation now includes all the methods available to users for managing IP addresses.
  • Changes Detected notifications have been modified to distinguish results collected during a first web application analysis or domain discovery.
  • Periodic reports showing changes to web applications during the selected period now provide a distribution of changes by severity. These changes make it possible to immediately identify the criticality of changes and log into the platform to review reported issues.
  • Administrators can now join the BETA program on their own to test certain features in preview.

Continue reading

Product Updates

Log4j Attack Surface Monitoring

,

December 19, 2021

|

4

min read

Product Updates

Purplemet Cloud 1.5.0 New Features

,

June 2, 2020

|

4

min read

Product Updates

Purplemet Cloud 1.10.0 New Features

,

April 27, 2021

|

5

min read

Join 100+ Organizations and Secure Your Web Attack Surface with Purplemet

Purplemet
Schedule a Demo
Get Free Security Assessment