Invicti Product Release Notes
Release Notes
Invicti Application Security Platform
RSS FEED
New feature
- Added Vulnerabilities widgets to the Target Trend Matrix
- The User Agent string is now displayed in Scan Configuration settings for each Target
- Updated the scanner error message for status code 429 (Too Many Requests)
- Added display of Mean Time to Remediate grouped by severity and indicated vulnerabilities exceeding MTTR
- The Vulnerability drawer is now accessible in the Trend Matrix
- Added the ability to export the Trend Matrix to CSV
- Added filtering options for the Trend Matrix
- Introduced the Trend Matrix for Applications
- Improved the display of scan duration in reports
- Added a custom User Agent option in Scan Configuration for Targets
- FQDN utilization is now displayed in the side menu
- Implemented automatic DAST scans in the GitHub Actions CI/CD pipeline
Improvements
- Scan Profiles are now required for CI/CD integrations
Resolved issues
- Resolved an issue that prevented manually entered sensor secrets from being saved
- Enhanced scan summaries to provide clearer explanations for aborted scans
- Resolved multiple issues related to HTTP/2 and LSR processing
- Resolved handling of aborted scans in the CLI
- Resolved an issue with restricted HTTP methods to ensure scan script requests are properly blocked
- Resolved an issue with Jira bi-directional sync to ensure status updates are accurately reflected
- Resolved an issue where scan progress displayed 100% without matching the actual scanner status
New features
- Scanning stops automatically when a 429 status is received without a retry-after header
- Implemented Trend Matrix for DAST Targets
- AI-Aided Login automatically regenerates invalid reused LSR files
- Added support for tracking session tokens in URL Parameters for LSR recorder
- DeepScan now scans all path fragments discovered in locations for potential vulnerabilities
- Added a filter on the Vulnerabilities page to show vulnerabilities found on APIs
- Added support in AI-Aided Login for saving AI-generated LSR files
- Improved Agents Page with an updated design for better navigation and readability
- Added the Technologies tab to the Application dashboard
- Added user provisioning with SCIM 2.0 for Teams
New features
- Added the ability to restrict HTTP methods for a DAST scans on a Target
- Added "Export to file" bulk action in Projects
- Added "Sync vulnerabilities" bulk action in Projects
- Added "Last updated" per SAST source in Projects
- Added "Export to file" action in Projects
- Added "Sync vulnerabilities" action in Projects
- Added handling of custom namespaces in specifications for WSDL imports
- Added NTA Standalone mode
- Added details about an API operation to API catalog
- Added "Scan comparison" feature to Past scans tab
- Added a scan message when AI-aided login is used
- Implemented automation to push vulnerabilities into issue trackers every time they are found, creating new or updating existing work items if needed
- Added vulnerability assignment to a specific user
- Implemented standard and compliance reports for Application consolidating all SAST asset vulnerabilities for a comprehensive application security overview
- Added "Most vulnerable technologies" list to the Application dashboard
- Added filtering by application, asset, and environment to the Vulnerabilities page
- Added information on the status and version of the installed NTA to the API sources section in Discovery Configuration
New features
- Enhanced DAST scanner with improved performance and vulnerability detection capabilities
- Fully redesigned user interface and experience
- New Applications feature allows to group related targets under logical application structures
- AI-powered web form auto-completion for DAST scans (Read more)
- AI-powered authentication handling for DAST scans
- Dynamic targets for integration into CI/CD pipelines (Read more)
- Detection of IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) vulnerabilities in APIs
- Improved API analysis through stateful scanning capabilities
- Concurrent scan support for internal scanning agents
- Docker-based internal scanning agents
- Simplified Packages
- LLM vulnerability detection including:
- LLM Command Injection
- LLM-enabled Server-side Request Forgery (SSRF)
- LLM Insecure Output Handling
- Tool Usage Exposure
- Prompt Injection
- System Prompt Leakage
- LLM Fingerprinting (Read more)
1
...