We’re delighted to share the August 2022 update for Invicti Enterprise On-Demand. The highlights of this release are the Business Logic Recorder, Azure Key Vault, and improved notification scope.
Business Logic Recorder
Invicti has introduced the Business Logic Recorder (BLR) to help you maximize scan coverage and detect vulnerabilities even in application and site components that are only accessible through specific business logic flows.
The BLR works by recording any custom or complex business logic on both your target web applications and your multi-step forms with multiple validation rules. The crawler then uses these recordings to discover more pages, forms, and endpoints as part of the scan.
For more information, see our support page on using the Business Logic Recorder.
Azure Key Vault
As the zero-trust approach continues to gain in popularity, we want to ensure you have plenty of options to protect your secrets. That’s why we’ve introduced integration with yet another secrets management service: Azure Key Vault.
Azure Key Vault is a cloud service that enables you to store and access your secrets in a secure way. Azure safeguards those secrets using industry-standard algorithms, key lengths, and hardware security modules.
By integrating Invicti Enterprise with Azure Key Vault, you can run authenticated scans on your web applications, websites, and APIs without having to enter or exchange sensitive credentials.
For more information, see our support page on integrating Invicti Enterprise with Azure Key Vault.
Improved notification scope
You can create notifications in Invicti Enterprise to stay informed about scans launched or failed and issues identified. However, for these notifications to provide the in-the-moment information your team needs, you need to ensure the right messages reach the right people. We’re excited to announce enhancements to the ways you can define website scope and user scope for notifications. This improved functionality enables you to define the notification recipients for specific websites and website groups.
Notification scope also plays a critical role in integration endpoints, particularly 2-way integrations such as Jira. For example, if you want to create a notification for integration, you need to select Any User. Similarly, if Any Website and Any User is selected, notifications will be sent out for all websites on the account, regardless of whether the user has access to that website.
For more information, see our support page on creating notifications.
For a complete list of what is new, improved, and fixed in this update, refer to the Invicti Enterprise Changelog.