December 2021 update for Invicti Standard 6.3

We’re delighted to announce the December 2021 update for Invicti Standard 6.3. The highlights of this release are software composition analysis (SCA), the OWASP Top Ten 2021 Report, and support for scanning GraphQL APIs.

Software composition analysis (SCA) with IAST

Netsparker Standard can now analyze your web application’s software composition using the Netsparker IAST agent and list the components used. It can also detect whether any of these components are vulnerable by using Netsparker’s vulnerability database. More and more web applications rely on third-party components, so your web application security also depends on the security of these components. It takes a lot of time and effort, however, to manually track whether these components have vulnerabilities and need updates to address these issues. Netsparker Standard can now check for third-party software libraries and report whether they have known security issues. For further information, see Software Composition Analysis with Netsparker IAST.

OWASP Top Ten 2021 Report

Netsparker Standard can generate the OWASP Top Ten 2021 Report in HTML and PDF format, so you now have the option of reporting only the vulnerabilities that fall under this classification. Thanks to the OWASP Top Ten 2021 Report, you can identify common security weaknesses in your web applications that could be exploited by malicious attackers. Developers and technical staff can prioritize and fix these security issues because the report provides them with all the essential information, including the HTTP request and response bodies. For further information, see OWASP Top Ten 2021 Report.

Scanning GraphQL APIs

Netsparker Standard can now scan GraphQL APIs and report vulnerabilities. GraphQL is a query language for APIs, originally developed by Facebook in 2012 and released to the public in 2015. Having a query language makes it easier and quicker to get data from a server to a client via API calls. Despite built-in validation and type-checking, GraphQL still has security shortcomings that attackers can exploit to access sensitive data. For further information, see Scanning a GraphQL API for vulnerabilities.

Further information

For a complete list of what is new, improved, and fixed in this update, refer to the Netsparker Standard Changelog.