Invicti Enterprise On-Premises 07 Apr 2017

New Features

• A wizard to assist first time users add a new website and setup a web security scan
• Late confirmation of vulnerabilities (vulnerabilities can be confirmed after the scan has finished with Invicti Hawk)

New Security Checks

• New security check that detects insecure targets in Content Security Policy.
• Added checks for exposure of trace.axd in ASP.NET applications.
• New security check for Time Based Server-Side Request Forgery.
• Added Markdown Injection attack pattern to XSS engine.
• Added a Code Evaluation check for Apache Struts framework.

Improvements

• Improved Boolean SQL Injection detection.
• Updated the Local File Inclusion vulnerability classifications.
• Improved Trace/Track security checks.
• Improved coverage of XSS engine in redirects.
• Added policy optimization support for SSRF security checks.
• Added exploit generation support for “Cross-site Scripting via Remote File Inclusion” vulnerability.
• Added a specialized parser to parse JavaScript responses better to reduce discovering incorrect links.
• Improved form authentication logout detection by ignoring the responses of some attacks to prevent incorrect logout detections.
• Added VDB support to Blind & Boolean SQLi post exploitation.
• Added support for checking Open Redirection vulnerability on Refresh response header.
• Added the XPath information of the element that causes the DOM XSS vulnerability.
• Added “Sub Path Max Dynamic Signatures” setting for Heuristic URL Rewrite detection.
• Added a JavaScript scan policy option to reduce triggered event count during the simulation.
• Added a JavaScript scan policy option to exclude HTML elements such as logout buttons from event simulation by CSS selectors.
• Added checks for vulnerabilities which sink into window.name capability for DOM XSS security checks.
• Improved the coverage of the Local File Inclusion engine so the vulnerability can be found in a full url attack.
• Changed severity numbers’ style on scan result pages.
• Added support for editing scan time window settings for running scans.
• Highlighted special fields of vulnerability notes on the scan report page.
• Settings of completed scans are automatically applied to new scans when a user launches a new scan from the recent scans page or scan report page.
• Improved notifications email templates.
• Improved help text by adding netsparker.com article links to relevant sections.
• Improved input validation for request rate limit settings on the scan policy page.
• Added support for remembering previously entered filters on list pages.
• Allowing users to select CSV separator while export scan reports.
• Added support to allow users to re-verify logout settings on the form authentication verification dialog.

Bug Fixes

• Fixed several issues related to DOM parsing and simulation.
• Fixed a NullReferenceException thrown by HTTP Methods checks.
• Fixed a StackOverflowException caused by JSON responses with too many nested elements.
• Fixed Proof of Concept generation during post exploitation for time based SQLi checks.
• Fixed a NullReferenceException while confirming a Boolean SQLi vulnerability.
• Fixed an issue where scan is paused when an additional host is unreachable.
• Fixed typos in CSP vulnerability templates.
• Fixed an issue where ignored emails are still reported as knowledge base issue.
• Fixed an issue where source code disclosure is reported in JS and CSS files.
• Fixed an SQL exploitation issue where executing a SQL query which expected an integer result is no longer giving failure for PostgreSQL database.
• Fixed a Text Parser issue where single quote characters were being captured as part of links.
• Fixed the incorrect path disclosure caused by the Shellshock attack.
• Fixed missing SSRF proofs under Proofs knowledge base.
• Fixed incorrect encoded parameter names for multipart/form-data forms.
• Fixed the performance recrawling for DOM XSS checks on websites with lots of links.
• Fixed the incorrect CR LF encoding issues on proof URLs.
• Fixed DOM Parser clearInterval JavaScript function simulation.
• Fixed an issue where stored XSS vulnerability is reported in an XHR response rather than in the page itself which makes XHR request.
• Fixed an issue where Boolean SQL Injection vulnerability is missed due to crawled parameter value.
• Fixed an issue where reflected XSS vulnerability is missed because the reflected payload is HTML encoded in an attribute.
• Fixed an issue where Text Parser does not handle the same referenced JavaScript in different files.
• Fixed an issue where timezone is not being set correctly when a validation error occurs on the signup page.
• Fixed a filtering issue on the Manage Team page.