Invicti Enterprise On-Premises 02 Dec 2021 v2.2

FEATURES

  • Introduced the tagging feature for websites, website groups, and scans.
  • Introduced a login banner warning. The banner displays security and legal notices to users accessing the system.
  • Added DefectDojo Integration.
  • Added the Encryption key.
  • Added pre-scan validations so that Netsparker can automatically choose the TLS protocol.

IMPROVEMENTS

  • Added the date range filter to the global dashboard. Thanks to this improvement, users can filter scan data according to the time range they selected.
  • Added a new State filter on the Issues page.
  • Added the Environment field to the DefectDojo integration.
  • Added the Export to CSV button on the Manage Members page so that you can download all your team members to your environment.
  • Added the group by parameter to the Technology dashboard.
  • Added the tag limitation. Users cannot add more than 20 tags.
  • Added website and website groups information to Jira integration. When users send an issue to Jira via Netsparker Enterprise, website and website groups information, if any, appears in that ticket.
  • Added the missing information that was not exported to YouTrack, Asana, and Github in the case of Frame Injection vulnerability.
  • Added the severity level icons to the websites listed on the Websites’ page.
  • Added new property to /scans/list API endpoint to distinguish between scans.
  • Added paging to auditlogs/export API endpoint.
  • Added a check for the Trend Matrix Report to ignore null records in the database.
  • Improved the method to query known vulnerabilities in Netsparker Enterprise.
  • Changed SCIM response status code from 400 to 409 when the same email address is submitted twice.
  • Added a 400 Error message in the SCIM response status code when a user tries to change its email to a username.
  • Updated the error message when deleting the website during a PCI scan.
  • Improved the search for scan profiles on the Recent Scans page. Added the Scan Profile Default option to the column filters on the Recent Scans page to speed up the search for the default scan profiles.
  • Improved the error messages and code returned from the updating issue API endpoint.
  • Added unique IDs on the HTTP 500 Error page.
  • Updated a Docker agent library to run more security checks.
  • Added a control in the UserRoleWebsiteGroupMapping API endpoint to prevent null object reference exceptions.
  • Changed the error message for members/update API endpoint for password POST requests.
  • Issue notes are added to reports which are exported.
  • Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
  • Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
  • Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
  • Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
  • Extended the range of digits that can be entered for HOTP and TOTP configuration.

DEPRECATED

  • Removed X-Scanner request header from the default scan policies to prevent WAFs block the scans.

FIXES

  • Fixed a bug that prevented the filtering by website groups on the technology dashboard.
  • Fixed an unhandled error that happens while deleting scans.
  • Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
  • Fixed a bug that prevented updated scan profiles of the Scheduled Scans from being synchronized with these scheduled scans.
  • Fixed an issue where incorrect scan profiles and policies were used while performing group scans.
  • Fixed a space issue in GitLab integration that prevented integration to be completed successfully.
  • Fixed the deserialization issue that threw bad requests in some scans.
  • Fixed the issue of returning null response by removing WebsiteGroupId requirement from UserRoleWebsiteGroupMapping API endpoint.
  • Fixed the retest retry limit if the base scan is not loaded.
  • Fixed an email notification error sent to guest users which showed “Failed – Unable to load scan session” error in the scheduled scans although the scan was successful.
  • Fixed a NullReferenceException thrown while checking target URL in the New Scan page.
  • Fixed password autocomplete issue in the form authentication saved in a scan profile.
  • Fixed an error that prevented the URL Rewrite rule from being updated in the saved scan profile.
  • Fixed an error that prevented scan tags from being shown while creating a scheduling scan.
  • Fixed the Ignore SSL Certificate issue that prevented internal agents from being auto-updated.
  • Improved the performance of security checks on cases when multiple checks are running concurrently.
  • Fixed a bug that prevented a website from being deleted if that website has tags.
  • Fixed a bug that non-register users receive the Out-of-Date technology notification although these users have no website responsibility.
  • Fixed a bug that shows a two-factor authentication page to some users with SSO login after their information is updated on the Team Member page.
  • Fixed typo in the All Issues’ page filter drop-down.
  • Fixed a bug returning the 500 Error when an issue is updated.
  • Fixed a bug that led to duplicate records in a member’s role.
  • Fixed a bug that ignored a member’s time zone setting while generating a vulnerability list in XML format.
  • Fixed a bug that caused the private scan policies to appear in the Scan Policy drop-down at the New Scheduled Group Scan page.
  • Fixed a bug that did not convert the remaining time for the Next Execution Time of a scheduled scan properly.
  • Fixed a bug that prevented the scan profile of a deleted website from being removed. Now, when users delete a website, the related scans, including scan profile, are also deleted.
  • Fixed an issue that prevented the scan from being canceled.
  • Fixed the missing ScanTaskProfile field by adding it back to scan API call responses.
  • Fixed a bug that prevents members and teams from being deleted if they have been assigned to website groups.
  • Fixed a bug that allows the API member edit endpoint which accepts less than 15 characters for the administrator’s password.
  • Changed the permission to view reports from Add/Edit Scan to the View Report.
  • Increased the Agent request time interval to 60 seconds.
  • Fixed a bug that prevents an agent from scanning a new website if the previous scan was canceled.
  • Fixed a bug that returned the 500 Internal Server Error upon POST /members/newinvitation service call if the OnlySsoLogin parameter is set as true.
  • Fixed the 500 Internal Server Error message for a query string to a non-existent page.
  • Fixed an error preventing NIST, DISA STIG, and ASVS classifications from appearing in the Issue details.
  • Fixed an issue where multiple CWE values were being sent to Kenna Integration.
  • Fixed the incorrect API documentation of roles/listpermissions endpoint.
  • Fixed an issue where form authentication may fail due to credentials being modified when the scan profile is updated.
  • Fixed a bug that fails the installation of the On-Premises via the wizard.
  • Fixed a bug that shows an erroneous issue ID on the scan results’ page.
  • Fixed an issue that requires an email address for SSO-enabled accounts.

Update to the new version

If you want to update the latest version of Netsparker Enterprise On-Premises, see Updating Netsparker Enterprise On-Premises.