We’re delighted to announce the latest release of Invicti Enterprise. The highlights of this release are: U2F Authentication, issue synchronization for Azure DevOps and ServiceNow integrations, form validation errors in the knowledge base and reports, CVSS 3.1 support, and email reports after a scan.
This announcement showcases what is new in this latest Invicti Enterprise update. Many of these new features have originated from customer requests, while others provide further support and options for existing features.
Universal 2nd Factor Authentication
U2F is an open authentication standard that enables users to securely access multiple online services with a single security key. We have added support for U2F authentication. You can use YubiKey or any other compliant U2F device.
For further information, see Two-Factor Authentication.
Issue Synchronization for Integrations
Invicti Enterprise now enables the resolution and reactivation of issues in Invicti Enterprise following Invicti scans conducted in Azure DevOps and ServiceNow. Invicti Enterprise also offers webhook support. This enables you to detect any status changes made in Azure DevOps and ServiceNow in their counterpart issues in Invicti Enterprise.
Form Validation Errors in Knowledge Base
During the scanning process, Invicti Enterprise successfully validates web forms as part of the crawling stage. However, due to validation errors, some web forms could not be submitted, with the result that they were not displayed in scan reports. With this update, all validation errors that are encountered during the scan are now listed in a new Form Validation Errors node in the Knowledge Base tab of the Technical Report section of scan reports.
CVSS 3.1 Support
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for classifying the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities, allowing security staff managing detected issues to prioritize responses and resources according to the potential threat. We have added version 3.1 scores to vulnerabilities reported by Invicti Enterprise.
Email Reports After Scan
We have added a new feature to the notification system. Invicti Enterprise can now send scan reports as email attachments along with Scan Completed notifications. Previously, any completed scan notification could only be sent to registered and confirmed email addresses of Invicti Team Members. Now, any external email address can be added.
For further information, see How to Create a Notification.
For a complete list of what is new, improved and fixed in this update, refer to the Invicti Enterprise Changelog.