🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management

100% Signal 0% Noise
Platform
Platform Overview
Features
CAPABILITIES
Web Application Security
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
Invicti Application Security Platform Release Notes
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
Release Notes

Invicti Application Security Platform

RSS FEED
11 September 2025
COPY LINK

New feature

  • Added Vulnerabilities widgets to the Target Trend Matrix
  • The User Agent string is now displayed in Scan Configuration settings for each Target
  • Updated the scanner error message for status code 429 (Too Many Requests)
  • Added display of Mean Time to Remediate grouped by severity and indicated vulnerabilities exceeding MTTR
  • The Vulnerability drawer is now accessible in the Trend Matrix
  • Added the ability to export the Trend Matrix to CSV
  • Added filtering options for the Trend Matrix
  • Introduced the Trend Matrix for Applications
  • Improved the display of scan duration in reports
  • Added a custom User Agent option in Scan Configuration for Targets
  • FQDN utilization is now displayed in the side menu
  • Implemented automatic DAST scans in the GitHub Actions CI/CD pipeline

Improvements

  • Scan Profiles are now required for CI/CD integrations

Resolved issues

  • Resolved an issue that prevented manually entered sensor secrets from being saved
  • Enhanced scan summaries to provide clearer explanations for aborted scans
  • Resolved multiple issues related to HTTP/2 and LSR processing
  • Resolved handling of aborted scans in the CLI
  • Resolved an issue with restricted HTTP methods to ensure scan script requests are properly blocked
  • Resolved an issue with Jira bi-directional sync to ensure status updates are accurately reflected
  • Resolved an issue where scan progress displayed 100% without matching the actual scanner status
28 August 2025
COPY LINK

New features

  • Scanning stops automatically when a 429 status is received without a retry-after header
  • Implemented Trend Matrix for DAST Targets
  • AI-Aided Login automatically regenerates invalid reused LSR files
  • Added support for tracking session tokens in URL Parameters for LSR recorder
  • DeepScan now scans all path fragments discovered in locations for potential vulnerabilities
  • Added a filter on the Vulnerabilities page to show vulnerabilities found on APIs
  • Added support in AI-Aided Login for saving AI-generated LSR files
  • Improved Agents Page with an updated design for better navigation and readability
  • Added the Technologies tab to the Application dashboard
  • Added user provisioning with SCIM 2.0 for Teams
14 August 2025
COPY LINK

New features

  • Added the ability to restrict HTTP methods for a DAST scans on a Target
  • Added "Export to file" bulk action in Projects
  • Added "Sync vulnerabilities" bulk action in Projects
  • Added "Last updated" per SAST source in Projects
  • Added "Export to file" action in Projects
  • Added "Sync vulnerabilities" action in Projects
  • Added handling of custom namespaces in specifications for WSDL imports
  • Added NTA Standalone mode
  • Added details about an API operation to API catalog
  • Added "Scan comparison" feature to Past scans tab
  • Added a scan message when AI-aided login is used
  • Implemented automation to push vulnerabilities into issue trackers every time they are found, creating new or updating existing work items if needed
  • Added vulnerability assignment to a specific user
  • Implemented standard and compliance reports for Application consolidating all SAST asset vulnerabilities for a comprehensive application security overview
  • Added "Most vulnerable technologies" list to the Application dashboard
  • Added filtering by application, asset, and environment to the Vulnerabilities page
  • Added information on the status and version of the installed NTA to the API sources section in Discovery Configuration
30 July 2025
COPY LINK

New features

  • Enhanced DAST scanner with improved performance and vulnerability detection capabilities
  • Fully redesigned user interface and experience
  • New Applications feature allows to group related targets under logical application structures
  • AI-powered web form auto-completion for DAST scans (Read more)
  • AI-powered authentication handling for DAST scans
  • Dynamic targets for integration into CI/CD pipelines (Read more)
  • Detection of IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) vulnerabilities in APIs
  • Improved API analysis through stateful scanning capabilities
  • Concurrent scan support for internal scanning agents
  • Docker-based internal scanning agents
  • Simplified Packages
  • LLM vulnerability detection including:
    • LLM Command Injection
    • LLM-enabled Server-side Request Forgery (SSRF)
    • LLM Insecure Output Handling
    • Tool Usage Exposure
    • Prompt Injection
    • System Prompt Leakage
    • LLM Fingerprinting (Read more)
1
...
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy