POST data protection now included. Rules as Query String validation of SQL injection and XSS attacks are now applied to POST data as well.
Enhanced protection against URL Encoded attacks.
Numerous bug fixes and other under the hood enhancements.
Changes in version 1.2.0 (6/2008):
Added built-in rules for detecting SQL injection and XSS in query string parameters.
Removed user prompt when switching from training into monitoring mode and made inactive the default monitoring mode.
Fixed various bugs in the Microsoft Management Console user interface.
Fixed issue with WHOIS lookup due to change in RIPE format.
Changes in version 1.1.0 (3/2008):
Added Security Mode right click control to main Settings Manager UI.
Modified post installation default Security Mode and provided on-screen alert to prompt admin to select desired Security Mode once training has been completed.
Modified security functionality and reporting to support local proxy servers using the XFF (X-Forwarded-For) request header.
Enhanced "Use Existing IIS Logs for Training" functionality for better performance and accuracy of log imports.
Modified Trusted IP default settings to make product evaluation easier.
Changed default for HTTP Method signature rule on Trace requests to automatically disable IP addresses that make this type of method request to IIS in the future.
