Invicti Product Release Notes
01 Nov 2016
1-Nov-2016
New Technical Check
- Added "Cookie Header Contains Multiple Cookies" check
Improvements
- Improved the Content Security Policy (CSP) and "Misconfigured Access-Control-Allow-Origin Header" vulnerability templates.
- Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources.
- Team Foundation Server Send To action now populates severity and repro steps fields.
- Improved report generation dialog by remembering the last used settings separately for each report type.
- Added "Copy as cURL" context menu item to site map.
- Added support for HTTP POST method while using Open in Browser site map context menu option.
- Added support for attacking to User-Agent and Referer request headers.
- Improved scan session export dialog by suggesting default file names.
- Improved the coverage of the boolean SQL injection vulnerability engine.
- Improved GitHub send to configuration by check the existence of the specified repository.
Fixes
- Fixed various encoding issues on request builder.
- Fixed the splash screen issue where it opens on wrong monitor on multi monitor setups.
- Fixed External CSS, Script and Frame knowledge base items which do not consider the port while performing checks.
- Fixed the missing method values on vulnerability summary table of reports.
- Fixed the missing dashboard statistics when a scan session is imported.
- Fixed the site map Copy URL issue for some nodes which were missing URL information.
- Fixed a hang that may occur when windows gets locked, goes to sleep or hibernation.
- Fixed an issue with auto save where scan is not saved during the extra confirmation phase.
- Fixed an issue in open redirect detection where incorrect URLs may also be reported.
- Fixed the zero progress bar issue on loaded scan files.
- Fixed various CSP vulnerability highlight issues.
- Fixed an issue related with form authentication which prevents logout detection during attacking phase.
- Fixed an issue related with temp file generation.
- Fixed an Local File Inclusion vulnerability detection issue when attacked with a FullUrl payload.
- Fixed an extra tab on Scanned URLs List (CSV) report template.
- Fixed the size of scan policy editor dialog on screens with high DPI.
- Fixed the incorrect severity icon on site map when a vulnerability is selected.
- Fixed an incorrect retest result occurs when the target web site is not reachable.
- Fixed a CSP vulnerability issue for deprecated CSP header name on meta tags.
- Fixed the remaining registry keys after uninstall.