Home
/
Documentation
/
6.1
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
01 Jul 2021

6.1

NEW FEATURES

NEW SECURITY CHECKS

  • Implemented JSON Web Token (JWT) security check
  • Added the SSL Certificate is About to Expire security check
  • Added StackPath Web Application Firewall (WAF) detection.
  • Added Identified, Version Disclosure, and Out-of-date security checks for Atlassian Proxy Server.
  • Added Identified, Version Disclosure, and Out-of-date security checks for JavaServer Pages
  • Added Identified, Version Disclosure, and Out-of-date security checks for Kong Server
  • Added Identified, Version Disclosure, and Out-of-date security checks for Liferay Digital Experience Platform.
  • Added Identified, Version Disclosure, and Out-of-date security checks for Taleo Web Server
  • Added Version Disclosure and Out-of-date security checks for Sugar Customer Relationship Management (CRM)
  • Added Version Disclosure and Out-of-date security checks for Squid
  • Added Identified and Out-of-date security checks for Magento
  • Added Out-of-date security check for Daiquiri
  • Added Identified security check for Plesk (Windows)
  • Added Identified security check for Vegur
  • Added Identified security check for HupSpot
  • Added Identified security check for DataDome
  • Added Identified security check for Craft CMS
  • Added Identified security check for Windows Azure Web Apps
  • Added Identified security check for OpenVPN Access Server
  • Added Identified security check for Squarespace
  • Added Identified security check for Plesk (Linux)
  • Added Identified security check for Lighthouse
  • Added Identified security check for BitNinja Captcha Server
  • Added Identified security check for Pardot Server

IMPROVEMENTS

  • Added Scan Paused, Scan Resumed, Scan Canceled, and Scan Finished states to the log category.
  • Send to Request Builder option is now visible for Issue Group Nodes
  • Added page type field to vulnerability reports
  • Added Authentication Profile name to reports
  • Improved RAML Importer to import the ZIP files
  • Added application name and version information to a vulnerability report
  • Implemented Swagger path parameter default value
  • Fixed a Dom XSS scan stuck issue
  • Fixed Daiquiri Identified reporting redundant custom field issue.
  • Improved Common Weakness Enumeration (CWE) classifications for Out-of-Date Version vulnerabilities
  • Added a new Akamai Content Delivery Network (CDN) detection signature
  • Added a new Varnish Cache detection signature
  • Added missing Identified security checks for the existing technologies
  • Improved the summary section of the Version Disclosure template for SharePoint
  • Improved TRACE/TRACK Method Detected security check
  • Improved SVN Detected security check
  • Improved Version Disclosure security check and report template for Phusion Passenger
  • Improved Caddy Web Server Identified security check.
  • Improved WAF Identifier security check.
  • Added Blind SQL Injection security check with a new XOR payload for MySQL
  • Proxy credential passed to Chrome page authentication
  • Vulnerabilities ordered by severity in the Comparison Report

FIXES

  • Fixed Invicti license decrypt problem
  • HTTPS Requests are recorded as HTTP
  • Fixed the requested security protocol is not supported error
  • Fixed handling Protocol Buffers encoding type
  • Fixed miswritten product name
  • Fixed Phusion Passenger version disclosure template and added Out-of-Date mapping
  • Fixed analyzing headers even if the identification source is the crawler
  • Fixed an issue that may cause deadlock during adding items to Sitemap
  • Fixed an issue that caused out-of-scope URLs to be scanned when the override target URL option is enabled and the authentication is failed while scanning.
  • Fixed issue where headers in Postman collection were not replaced with variables
  • Fixed an issue that cause SSL validation callback returns invalid SSL certificates as out-of-scope links
  • Added disable-feature flag to the browser manager
  • Fixed a null reference exception while generating Knowledge Base report
  • Rare error when loading overlay window showed was ignored
  • Fixed out-of-scope imported links showing in Knowledge Base Rest API List
  • Fixed a detection issue with the Akamai CDN signature.
  • Fixed a detection issue with Tomcat Identified security check.
  • Fixed the signatures of phpMyAdmin Identified security check
  • Fixed big size upload error
  • The Exclude Authentication Page option will be checked if there is a selected authentication profile
  • Fixed DPI settings at Custom Script Dialog
  • Disabled GPU acceleration to prevent rendering errors and black bars
  • Fixed UI bugs at General Scan Profile Settings
  • Fixed issue max page visit was not received but showing in Knowledge Base because of max signature limit
  • Fixed Custom 404 Regex in Invicti Enterprise scan data is shown as Auto 404 at Invicti Standard
  • Fixed malformed VDB exception while getting the latest version of the application
  • Severity null control added to the Vulnerability Profile dialog
  • Fixed a non-recurring parameter while logging in with auto-authenticator
  • Fixed Scan Policy Report migration primary key error
  • Fixed saving Crawl & Attack option to the Scan Profile
  • Fixed Logout detection window shows first entered URL for every login simulation error
  • Fixed reporting false positive HSTS vulnerability