Added a new IAST vulnerability: Overly Long Session Timeout.
Added new config vulnerabilities for the IAST Node.js sensor.
Added new config vulnerabilities for the IAST Java sensor.
Added support for detecting SQL Injections on HSQLDB.
Added support for detecting XSS through file upload.
Updated DISA STIG Classifications.
Updated Java and Node.js IAST sensors.
Improved time-based blind SQLi detection checks.
Improved the Content Security Policy Engine.
Updated XSS via File Upload vulnerability template.
Updated License Agreement on the Invicti Standard installer.
Added Extract Resource default property to DOM simulation.
Improved proxy usage in Netsparker Standard for outgoing web requests such as Hawk.
Added an option to discard certificate validation errors on the Enterprise Integration window during SSL/TLS connections.
Added vulnerabilityType filter to add VulnerabilityLookup table.
Added the agent mode to the authentication request.
Added a default behavior to scan the login page.
Added an option to disable anti-CSRF token attacks.
Added an option to block navigation on SPA pages.
Added a default behavior to disable TLS 1.3.
FIXES
Fixed basic authorization over HTTP bug.
Fixed SQL Injection Vulnerability Family Reporting Bug.
Fixed a bug where the custom script throws a null reference exception when a script is added to the paused scan.
Fixed a bug that deletes an authentication password when a new scan is started with a copied profile.
Fixed a bug that causes the Sitemap to disappear during scanning with IAST.
Fixed a bug that caused missing tables and values when a report policy is exported as an SQL file.
Fixed a typo on the GraphQL importing window.
Fixed the report naming bug that occurs when users create a custom report from a base report.
Fixed an issue that causes the attack process not to be completed for a security check when an error occurs while attacking a parameter with an attack pattern.
Fixed a bug that updates all built-in scan policies instead of edited scan policy.
Fixed a typo on Skip Crawling & Attacking pop-up.
Fixed a bug that prevents an error icon from appearing after entering unacceptable characters for the scan policy name.
Fixed a bug that does not migrate the Spring4Shell Remote Code Execution check to a new scan policy although more than 50% of the checks are selected.
Fixed a bug that throws an error when the Large SPA is selected from the Load Preset Values drop-down on the Scan Policy window.
Fixed a bug that does not show Configuration Wizard for the Rest API TestInvicti website.
Fixed missing template section migration on report policy.
Fixed a bug that throws an error when a report is submitted upon error.
Fixed the LFI Exploiter null reference.
Fixed a bug that occurs when a detailed scan report does not report the CVSS scores for custom vulnerabilities.
Fixed a bug that occurs when the Log4J vulnerability profile is not migrated with the report policy migration.
Fixed a bug that occurs when users search the Target URL on the New Scan panel.
Fixed typo in the timeout error message.
Fixed a bug that prevents the WSDL files from being imported.
Fixed reporting “SSL/TLS not implemented” when scanning only TLS 1.3 supported sites.
Fixed a bug that throws an error for NTLM authentication when the custom username and password credentials are provided when the system proxy is entered into the appsetting.json.
Fixed a bug where passive vulnerabilities were reported from out-of-scope links.
REMOVAL
Removed Expect-CT security check.
Removed the End-of-Text characters in URL rewrite rules.