September 2020 Update for Invicti Standard 5.9
This blog post announces the September 2020 update for Invicti Standard 5.9. The highlights of this release are a signature limit for rewrite matched links, a crawling limit for Not Found links, a new WASC report template, an exclude authentication pages option, and new Out of Band vulnerability details.
Your Information will be kept private.
Your Information will be kept private.
We’re delighted to announce the release of Invicti Standard 5.9. The highlights of this release are a signature limit for rewrite matched links, a crawling limit for Not Found links, a new WASC report template, an exclude authentication pages option, and new Out of Band vulnerability details.
We have also added improvements and fixes.
Signature Limit for Rewrite Matched Links
With the Scan Policy Editor feature of Invicti Standard, you can already configure many elements of the crawling stage of the scan. We have added a new signature limit for URL rewrite matched links. The default setting is 9. This value must be between 1 and 10000.
For further information, see Configuring Scan Policies – Crawling.
Crawling Limit for Not Found Links
The HTTP 404 error message is a response code to show that the server could not find the requested web page. We have added a crawling limit for Not found (404) links. This is the maximum number of 404 samples a scan will collect. The default value is 1000. This value must be between 0 and 2500.
For further information, see Configuring Scan Policies – Custom 404 and Not Founds Node.
New WASC Report Template
We have added a WASC classification report template. The WASC Threat Classification Report allows you to view only those identified issues that fall under the Web Application Security Consortium’s threat classification. Invicti Standard can generate the WASC Threat Classification Report in HTML and PDF format, so you can see only those vulnerabilities that fall under this classification.
For further information, see WASC Threat Classification Report.
Excluding Authentication Pages
The Scan Scope feature in Invicti Standard allows you to define which parts of the target web application should be crawled. We have added an option to exclude authentication pages. We have also removed authentication related regexes from default settings. This helps you further limit the scope of the scan as required.
For further information, see Scan Settings – Scope and How to Configure the Scan Scope in Invicti Standard.
Further Information
For a complete list of what is new, improved, and fixed in this update, refer to the Invicti Standard Changelog.