Invicti Standard 03 May 2016

NEW FEATURES

  • Added ModSecurity WAF rule generation feature.

NEW SECURITY CHECKS

  • Detection of SQLite Database files.
  • Detection of Microsoft Outlook Personal Folders File (.pst) files.
  • Detection of DS_Store files.
  • Detection of SVN files, supporting the latest version of SVN.

IMPROVEMENTS

  • Improved LFI “Long attack – boot.ini” attack.
  • Added Internet Explorer 10, 11 and Microsoft Edge browser user agent values.
  • Improved the performance of the scan session auto saves.
  • Improved link importing to better handle relative URLs.
  • Improved the “MIME Types” knowledge base list by ordering items alphabetically.
  • Added “Extract static resources” option to JavaScript scan policy settings.
  • Improved coverage of XML External Entity engine.

FIXES

  • Fixed an attacking issue that occurred when retesting a vulnerability in an incremental scan.
  • Fixed a link parsing issue in the text parser where links were incorrectly split.
  • Fixed a form authentication “Override Target URL with authenticated page” issue which caused a wrong URL to be identified as the “Target URL”.
  • Fixed a highlighting issue where the URL for “Insecure Frame (External)” vulnerability was only partially highlighted.
  • Fixed an incorrect “Source Code Disclosure” vulnerability report when the response contained an ASP.NET event validation code sample.
  • Fixed an ObjectDisposedException which occurred while trying to close the Authentication Verification dialog.
  • Fixed a broken link in XSS vulnerability templates.