🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
6.1
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
01 Jul 2021

6.1

NEW FEATURES

  • Added Authentication Profiles
  • Added the Overall Latest Version field to out-of-date vulnerabilities
  • Added multiple vulnerabilities reporting support to passive and singular custom scripts
  • Added Acunetix 360 integration

NEW SECURITY CHECKS

  • Implemented JSON Web Token (JWT) security check
  • Added the SSL Certificate is About to Expire security check
  • Added StackPath Web Application Firewall (WAF) detection.
  • Added Identified, Version Disclosure, and Out-of-date security checks for Atlassian Proxy Server.
  • Added Identified, Version Disclosure, and Out-of-date security checks for JavaServer Pages
  • Added Identified, Version Disclosure, and Out-of-date security checks for Kong Server
  • Added Identified, Version Disclosure, and Out-of-date security checks for Liferay Digital Experience Platform.
  • Added Identified, Version Disclosure, and Out-of-date security checks for Taleo Web Server
  • Added Version Disclosure and Out-of-date security checks for Sugar Customer Relationship Management (CRM)
  • Added Version Disclosure and Out-of-date security checks for Squid
  • Added Identified and Out-of-date security checks for Magento
  • Added Out-of-date security check for Daiquiri
  • Added Identified security check for Plesk (Windows)
  • Added Identified security check for Vegur
  • Added Identified security check for HupSpot
  • Added Identified security check for DataDome
  • Added Identified security check for Craft CMS
  • Added Identified security check for Windows Azure Web Apps
  • Added Identified security check for OpenVPN Access Server
  • Added Identified security check for Squarespace
  • Added Identified security check for Plesk (Linux)
  • Added Identified security check for Lighthouse
  • Added Identified security check for BitNinja Captcha Server
  • Added Identified security check for Pardot Server

IMPROVEMENTS

  • Added Scan Paused, Scan Resumed, Scan Canceled, and Scan Finished states to the log category.
  • Send to Request Builder option is now visible for Issue Group Nodes
  • Added page type field to vulnerability reports
  • Added Authentication Profile name to reports
  • Improved RAML Importer to import the ZIP files
  • Added application name and version information to a vulnerability report
  • Implemented Swagger path parameter default value
  • Fixed a Dom XSS scan stuck issue
  • Fixed Daiquiri Identified reporting redundant custom field issue.
  • Improved Common Weakness Enumeration (CWE) classifications for Out-of-Date Version vulnerabilities
  • Added a new Akamai Content Delivery Network (CDN) detection signature
  • Added a new Varnish Cache detection signature
  • Added missing Identified security checks for the existing technologies
  • Improved the summary section of the Version Disclosure template for SharePoint
  • Improved TRACE/TRACK Method Detected security check
  • Improved SVN Detected security check
  • Improved Version Disclosure security check and report template for Phusion Passenger
  • Improved Caddy Web Server Identified security check.
  • Improved WAF Identifier security check.
  • Added Blind SQL Injection security check with a new XOR payload for MySQL
  • Proxy credential passed to Chrome page authentication
  • Vulnerabilities ordered by severity in the Comparison Report

FIXES

  • Fixed Invicti license decrypt problem
  • HTTPS Requests are recorded as HTTP
  • Fixed the requested security protocol is not supported error
  • Fixed handling Protocol Buffers encoding type
  • Fixed miswritten product name
  • Fixed Phusion Passenger version disclosure template and added Out-of-Date mapping
  • Fixed analyzing headers even if the identification source is the crawler
  • Fixed an issue that may cause deadlock during adding items to Sitemap
  • Fixed an issue that caused out-of-scope URLs to be scanned when the override target URL option is enabled and the authentication is failed while scanning.
  • Fixed issue where headers in Postman collection were not replaced with variables
  • Fixed an issue that cause SSL validation callback returns invalid SSL certificates as out-of-scope links
  • Added disable-feature flag to the browser manager
  • Fixed a null reference exception while generating Knowledge Base report
  • Rare error when loading overlay window showed was ignored
  • Fixed out-of-scope imported links showing in Knowledge Base Rest API List
  • Fixed a detection issue with the Akamai CDN signature.
  • Fixed a detection issue with Tomcat Identified security check.
  • Fixed the signatures of phpMyAdmin Identified security check
  • Fixed big size upload error
  • The Exclude Authentication Page option will be checked if there is a selected authentication profile
  • Fixed DPI settings at Custom Script Dialog
  • Disabled GPU acceleration to prevent rendering errors and black bars
  • Fixed UI bugs at General Scan Profile Settings
  • Fixed issue max page visit was not received but showing in Knowledge Base because of max signature limit
  • Fixed Custom 404 Regex in Invicti Enterprise scan data is shown as Auto 404 at Invicti Standard
  • Fixed malformed VDB exception while getting the latest version of the application
  • Severity null control added to the Vulnerability Profile dialog
  • Fixed a non-recurring parameter while logging in with auto-authenticator
  • Fixed Scan Policy Report migration primary key error
  • Fixed saving Crawl & Attack option to the Scan Profile
  • Fixed Logout detection window shows first entered URL for every login simulation error
  • Fixed reporting false positive HSTS vulnerability
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy