Added a new Form Validation Errors node to the Knowledge Base panel, and to scan reports, to show Form Validation errors
Added the capability to abort requests from the Pre-Request Scripts tab of the Start a New Website or Web Service URL dialog
Added CVSS 3.1 support, to help with vulnerability scores
Added a new Query Parameters checkbox to the Parameter-Based Navigation section of the Crawling tab in the Scan Policy Editor
NEW SECURITY CHECKS
Added a Login Page Identified security check
Added a Content Delivery Networks (CDN) security check
Added a Reverse Proxies security check
IMPROVEMENTS
Added two new settings to the list available in the Advanced tab of the Options dialog, including DisableRequestParametersReordering (to disable the reordering of query parameters) and DisableIriParsing (to change the IRI parsing configuration of the .NET framework)
Improved the ability to crawl URLs with fragments
Added reflected parameter names and sensitive keywords to the BREACH Attack’s report template
Added a metadata section to the Custom Security Check scripting templates in the Custom Script Checks section of the Security Checks tab in the Scan Policy Editor
Added extra information to error reports
Added a check for the vulnerability GUIDs used to create vulnerabilities in Custom Security Check scripts
FIXES
Fixed the tab order in the Scan Profile settings in the Start a New Website or Web Service Scan dialog
Resized the Type column in the Logs panel
Added a scrollbar to the Get Shell panel
Fixed an issue that prevented the Backspace key from working in the Save Profile As dialog’s name editor
Fixed the issue where vulnerabilities’ Fixed states were not updated following a Controlled scan
Fixed an issue that prevented custom fields from being rendered for the YouTrack Send To Action
Added missing tooltips to the Enabled check box of the Script Settings and Manual Authentication settings panels
Added a Frame Injection XSS pattern
Fixed a typo in the Copy to Clipboard tooltip
Fixed the issue where POST parameters were not parsed correctly in the HAR importer
Fixed the location of the Override Version vulnerability severities ch
Fixed the typo in the description of the NotifiedExpiringLicenses setting
Fixed an issue in the JSON Response panel that caused the Address textbox to be editable instead of read-only
Fixed a localization issue that occurred while displaying severities in the Vulnerability Editor dialog in the Report Policy Editor
Fixed the escaping of Form Authentication’s Custom Script username and password
Fixed the problem where day-long scan durations were not displaying correctly in the Knowledge Base reports and screens
Fixed a couple of design problems in reports
Fixed the usage of the ‘/v’ command line parameter
Updated the default User-Agent
Fixed the scheduling of Incremental Scans to be consistent with the regular Incremental Scan, so that the system checks for the current session and offers the option to use it as the base scan before trying to open a scan file
Fixed typos in the tooltips in the URL Rewrite tab of the Start a New Website or Web Service Scan dialog
Fixed a problem caused by a missing obfuscation exclusion in the License validation process
Fixed the issue where the wrong engine was selected in Controlled Scans when a vulnerability was detected by a Custom Script
Fixed the issue where localized values were not displayed for some custom fields
Fixed the issue where duplicate notifications were displayed following the import and export of scans
Fixed a Null Reference Exception that was caused when Basic, NTLM/Kerberos Authentication settings were null in old profile files
Fixed an issue where the default values were not set for the Scan Policy Optimizer options’ properties while deserializing a Scan Policy
Fixed an issue that caused the same Authentication method to be added twice in the Basic, NTLM/Kerberos Authentication settings
Updated OpenAPI.NET to version 1.1.4 to support the latest Swagger files
Fixed the issue where single engines were not working in the Import Only scan mode
Fixed an issue where the Request body was encoded improperly, which caused an error after requests were sent
Fixed some typos in the WAF Identified dialog, along with some refactorings
Fixed the issue where Incremental Scan caused unnecessary DOM simulations