October 2022 update for Invicti Enterprise on-premises

This blog post announces the October 2022 update for Invicti Enterprise On-Premises, highlighting the Business Logic Recorder, Azure Key Vault, support for Linux on AWS, and GraphQL library detection.

We’re delighted to announce the release of Invicti Enterprise On-Premises 2.4. The new release rolls together a wide range of updates and improvements, most notably the Business Logic Recorder, Azure Key Vault integration, the ability to run Invicti Enterprise scans on Linux instances on Amazon Web Services (AWS), and extended GraphQL library detection support. We have also added many new security checks, improvements, and fixes.

Business Logic Recorder

We have introduced the Business Logic Recorder (BLR) to the on-premises products. BLR functionality helps to maximize scan coverage and detect vulnerabilities in application and site components that are only accessible through specific business logic flows.

The Business Logic Recorder allows you to capture any unique or complex business logic in your target web apps, including support for multi-step forms with numerous validation criteria. When scanning, the crawler then uses these logic recordings to discover further pages, forms, and endpoints.

For more information, see our support page on using the Business Logic Recorder.

Azure Key Vault integration

We’ve introduced integration with Azure Key Vault to ensure that you have plenty of options to protect your secrets – especially important as the zero trust approach continues to gain in popularity.

Azure Key Vault is a cloud service that allows you to securely store and access secrets such as login credentials. Azure protects such secrets through the use of industry-standard algorithms, secure key lengths, and hardware security modules.

With the new integration, you can connect Invicti Enterprise to Azure Key Vault out-of-the-box to run authenticated scans across all your web apps, websites, and APIs without manually entering or exchanging sensitive credentials.

For more information, see our support pages on integrating Invicti Enterprise with Azure Key Vault and configuring internal agents for secrets management services.

Configuring Invicti Enterprise for Linux on AWS

In this release, we’ve added the ability to configure Invicti Enterprise to run scan agents on AWS Linux instances. With this option enabled, when you launch a new scan, Invicti Enterprise creates a new Linux instance for the scanner agent and terminates it automatically once the scan is completed.

Thanks to this improvement, scans can auto-scale: you can launch as many concurrent scans as you need, and Invicti Enterprise scales all these scan tasks by relying on AWS. This auto-scaling option is also very cost-effective, as Invicti Enterprise can run all these tasks on Linux instances.

For more information, see our support pages on configuring cloud provider settings and configuring Invicti Enterprise for Linux on Amazon Web Services (Ubuntu).

GraphQL library detection

We’ve expanded the GraphQL detection capabilities in Invicti Enterprise, allowing scans to detect GraphQL endpoints and libraries by sending specific queries to your web application. It is critical to secure all such endpoints, as malicious actors could use them to stage attacks. 

In addition to this capability, we previously introduced support for scanning GraphQL-based application programming interfaces (APIs). Coupled with improved library detection, the ability to scan GraphQL APIs will improve the security of your web applications. 

For more information, see our support page on GraphQL library detection.

Further information

For a complete list of what is new, improved, and fixed in this update, see the Invicti Enterprise changelog.