Home
/
Documentation
/
18-Mar-2015
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
18 Mar 2015

18-Mar-2015

Read the blog post for more details about this version

NEW FEATURE

  • New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric

IMPROVEMENTS

  • Improved the performance of the DOM Parser
  • Improved the performance of the DOM cross-site scripting scanner
  • Optimized DOM XSS Scanner to avoid scanning pages with same source code
  • Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string
  • Improved selected element simulation for select HTML elements
  • Added new patterns for Open Redirect engine

BUG FIXES

  • Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag
  • Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response
  • Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed
  • Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates
  • Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested
  • Fixed a bug in DOM Parser where events are not simulated for elements inside frames
  • Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response