Invicti Standard 16 Jan 2020

NEW FEATURES

  • Added Invicti Enterprise Integration to the license activation dialog which enables the activation of a license using the Invicti Enterprise Information
  • Added a WAF Identification feature that detects whether the target website is using a Web Application Firewall that blocks Invicti attacks, and warns the user about it
  • Added a SANS Top 25 Scan Policy and report
  • Added login confirmation to ensure that Invicti was able to acquire an authentication session after conducting the login sequence, in order to notify users in case of any failure due to changed credentials
  • Added an Auto Export feature which enables the automatic export of all old session files not previously uploaded to Invicti Enterprise when connected to its servers
  • Added FortiWeb WAF integration
  • Added YouTrack Send To integration
  • Added Freshservice Send To integration

NEW SECURITY CHECKS

  • Added version disclosure and out-of-date checks for Telerik Web UI
  • Added detection and out-of-date checks for Java and GlassFish

IMPROVEMENTS

  • Improved the Postman importer to generate URL Rewrite rules automatically from the Postman file
  • Added a new logout confirmation request to the Logout Detection process
  • Updated the AttackUsage properties of mXSS patterns to increase scan performance
  • Added a text field to the Report Policy Editor for displaying GUID values of custom vulnerabilities
  • Added a Copy Rules button to the URL Rewrite tab in the Start a New Website or Web Service Scan dialog
  • Added Region information to the new Invicti Enterprise Information section in the Invicti Enterprise tab
  • Added search tags and a shortcut key to the Search tab on the ribbon
  • Added the ability to sort the Name and Value grid view in the OAuth2 tab
  • Added a warning about unsupported settings in the OTP column in the Form authentication tab
  • Added a transparency feature to the Scan Search, accessed by pressing CTRL
  • Added a URL to provide extra information to help distinguish similar results in the Raw Requests and Responses tabs
  • Improved vulnerability summary suggestions to recommend that only confirmed vulnerabilities should be fixed immediately in the Executive Summary Report
  • Improved the Report Policy using the CWE and SANS top 25 standards
  • Added a new Max Response Headers Length option to the Advanced tab

FIXES

  • Fixed an issue where the RedirectBodyTooLarge vulnerability was being falsely reported when the redirect location was triple encoded
  • Fixed a NullReferenceException that was thrown in the ReflectedParameterAnalyzer component
  • Fixed an issue where Invicti Assistant retained generated optimized Scan Policies even after it had been disabled
  • Fixed the Pre-Request Script tab’s Presets button’s enabled state
  • Fixed a visual text wrapping issue that occurred when all Resource Finder options were selected in the Scan Policy Optimizer dialog
  • Fixed an issue where the Proxy Authentication fields in the Proxy tab of the Scan Policy Editor were not being disabled when the Use Current User’s Windows Credentials checkbox was selected
  • Fixed an issue that caused Invicti to freeze when the Scan Finished dialog was displayed while another dialog was open
  • Fixed the signature of the nginx.conf pattern
  • Fixed an issue that caused the Total Vulnerability Count not to be updated when a vulnerability was removed from the Issues panel
  • Fixed an issue that caused the wrong information to be copied about the node when Ctrl+C was used in the Issue and Sitemap panels
  • Fixed an issue that caused the Context button to overlay the Vulnerability Counts icons in the Local Scans files tab
  • Fixed an issue where the Import From File dropdown in the Imported Links tab was not displaying the last opened folder
  • Fixed an issue that showed the wrong exception message in the Test Credentials dialog for the authentication tabs, when the website was unreachable
  • Fixed WAF button display names in the Vulnerability tab on the ribbon
  • Fixed a validation problem that occurred in mandatory fields in the WAF settings tab
  • Fixed an issue that caused the scrollbar color not to be applied in the request/response panel
  • Fixed an issue that showed the wrong tooltip in the Form Authentication tab’s verified settings
  • Fixed an issue that caused vulnerability counts to be calculated incorrectly when grouping the Issue panel by URL
  • Fixed an issue that caused some 404 nodes to not be visible when a filter was applied using search text
  • Fixed a problem that caused the generation of empty Comparison Reports
  • Fixed an issue where version vulnerabilities could not be fetched from the database when application names contained space characters
  • Fixed an issue that caused inconsistent sorting results for the Sitemap nodes
  • Fixed an issue that caused an ArgumentException in the CORS Checker
  • Fixed an issue that caused the Exploit LFI panel to not display its content when the height was set too small
  • Fixed the Extracted Version of the Java Servlet Version Disclosure vulnerability so that it no longer includes a slash
  • Fixed an issue where the WebLogic Server was occasionally being incorrectly reported as the Application server of the target website
  • Fixed an issue where the XSS attack file had been overwritten, which caused the wrong injection request to be displayed when reporting Stored XSS vulnerabilities
  • Changed the notification icons, and removed unnecessary extra space from the unread Notifications button
  • Fixed a NullReferenceException in the XSS Analyzer
  • Fixed a scope issue in the Resource Finders and in the Drupal RCE Engine
  • Fixed a subdomain problem in the Phishing by Navigating Tabs vulnerability
  • Removed a context menu from the Send To Actions tab
  • Fixed an issue that caused the template not to be applied in the Subscriptions context menu
  • Fixed a grammatical error in an Invicti Assistant notification
  • Fixed issues in the Blind SQL injection confirmation for redirects and timeouts
  • Fixed an issue that caused OTP settings to be applied when Persona information was missing in the Form Authentication tab
  • Fixed an issue that prevented the Local Scans’ file’s context buttons from being clicked when the scroll bar was displayed
  • Fixed the issue where Custom Field values were incorrectly displayed in older scans
  • Fixed the signature patterns of the ASP.NET and Apache Module version disclosures so that they capture the version correctly
  • Fixed the handling of null Responses in Requests made using the Pre-Request Script feature
  • Fixed a problem where a horizontal scrollbar was displayed in the search dialog
  • Refactored the JSON Regex to eliminate excessive backtracking
  • Fixed an issue where the Internal Proxy was updating headers that already had default values
  • Fixed a problem in Report Templates where custom logos were incorrectly aligned
  • Fixed a NullReferenceException error that was thrown when a Theme was not selected in the General tab of the Options dialog
  • Fixed the Send To Action panel to display default names with normal font instead of bold
  • Fixed an issue that caused a crash when an internal server error occurred during the export of a scan to Invicti Enterprise
  • Fixed the width of the grid view in the Report Policy Editor
  • Fixed focus so that it returns to the Sitemap and Issues panels after their search boxes are cleared
  • Fixed a race condition in the parsing of the Finish Time calculation which caused an exception to be thrown
  • Fixed a couple of localization problems in the Knowledge Base Report
  • Fixed URL alignment in reports