December 2021 update for Invicti Standard 6.3

Tuncay Kayaoglu - Tue, 04 Jan 2022

We’re delighted to announce the December 2021 update for Invicti Standard 6.3. The highlights of this release are software composition analysis (SCA), the OWASP Top Ten 2021 Report, and support for scanning GraphQL APIs.

This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.

Software composition analysis (SCA) with IAST

Netsparker Standard can now analyze your web application’s software composition using the Netsparker IAST agent and list the components used. It can also detect whether any of these components are vulnerable by using Netsparker’s vulnerability database.

More and more web applications rely on third-party components, so your web application security also depends on the security of these components. It takes a lot of time and effort, however, to manually track whether these components have vulnerabilities and need updates to address these issues. Netsparker Standard can now check for third-party software libraries and report whether they have known security issues.

For further information, see Software Composition Analysis with Netsparker IAST.

OWASP Top Ten 2021 Report

Netsparker Standard can generate the OWASP Top Ten 2021 Report in HTML and PDF format, so you now have the option of reporting only the vulnerabilities that fall under this classification.

Thanks to the OWASP Top Ten 2021 Report, you can identify common security weaknesses in your web applications that could be exploited by malicious attackers. Developers and technical staff can prioritize and fix these security issues because the report provides them with all the essential information, including the HTTP request and response bodies.

For further information, see OWASP Top Ten 2021 Report.

Scanning GraphQL APIs

Netsparker Standard can now scan GraphQL APIs and report vulnerabilities.

GraphQL is a query language for APIs, originally developed by Facebook in 2012 and released to the public in 2015. Having a query language makes it easier and quicker to get data from a server to a client via API calls. Despite built-in validation and type-checking, GraphQL still has its security shortcomings that attackers can exploit to access sensitive data. Netsparker can now scan GraphQL APIs to identify vulnerabilities.

For further information, see Scanning a GraphQL API for vulnerabilities.

Further information

For a complete list of what is new, improved, and fixed in this update, refer to the Netsparker Standard Changelog.

About the Author

Tuncay Kayaoglu

Technical Writer at Netsparker. He does his best to make complex issues simple.