Invicti Enterprise On-Demand 12 Aug 2021

This update includes changes to Internal Agents.

FEATURE

• Added DefectDojo Integration.
• Added support for editing built-in sections of custom report policies.
• Added Pre-Request Script feature which helps to configure HMAC Authentication on the New Scan page.
• Added DITA STIG, NIST SP 800-53, and ASVS 4.0 Compliance Reports
• Added a new State filter on the Issues page.

IMPROVEMENT

• Added an option to fail Azure build for only confirmed vulnerabilities.
• Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
• Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
• Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
• Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
• Extended the range of digits that can be entered for HOTP and TOTP configuration.
• Improved global dashboard performance.
• Changed the error message for members/update API endpoint for password POST requests.
• Added a control in the UserRoleWebsiteGroupMapping API endpoint to prevent null object reference exceptions.

REMOVAL

• Removed X-Scanner request header from the default scan policies to prevent web application firewalls from blocking scans.

FIXES

• Fixed an error preventing NIST, DISA STIG, and ASVS classifications from appearing in the Issue details.
• Fixed an unhandled error that occurs while deleting scans.
• Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
• Fixed scheduled website group scans that do not use primary scan policies.
• Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
• Fixed the incorrect API documentation of roles/listpermissions endpoint.
• Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
• Fixed missing state field on the member API endpoint.
• Fixed the 500 Internal Server Error message for a query string to a non-existent page.
• [INTERNAL AGENT] Fixed an issue where a scan policy name containing invalid filename characters was causing scans to fail.
• [INTERNAL AGENT] Fixed several scan failure issues caused by an error that occurred while trying to open the vulnerability database.
• [INTERNAL AGENT] Fixed agent attempting to use proxy even after settings are changed.
• [INTERNAL AGENT] Fixed an unhandled error thrown while archiving the scan data.
• [INTERNAL AGENT] Added NoProxy option to internal agents.