🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
18-May-2015
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
18 May 2015

18-May-2015

NEW SECURITY TESTS

  • Form Hijacking Security Checks added
  • Base Tag Hijacking Security Checks added

IMPROVEMENTS

  • Added several new backup file checks to improve the coverage
  • Improved the number of combinations that Common Directory checks find
  • Added support for using digits in custom URL rewrite parameter names
  • Added new XSS attack patterns to detect a full URL vulnerability and remote XSS attacks
  • Added HTTP POST method support for Open Redirection security tests
  • Improved resource finder behavior by falling back to GET requests when HEAD requests are failing
  • Improved detection of XSS vulnerabilities in CSS blocks
  • Improved vulnerability template for Open Redirection vulnerabilities
  • Increased coverage by finding LFI vulnerabilities exposed to file:// protocol
  • Set default maximum vulnerability report limit to 1000 for active engines
  • Improved detection of Remote Code Execution and DoS in HTTP.sys vulnerability

FIXES

  • Fixed a race condition issue which occurs while adding new links on DOM simulation
  • Fixed an InvalidOperationException issue which occurs while trying to apply token parameter values
  • Fixed incorrect parsing of multiple response headers with same name on DOM simulation and DOM XSS attacks
  • Fixed a vulnerability template generation issue where temporary files were being kept on disk
  • Fixed installer to handle .NET framework versions released after 4.5.2
  • Fixed the incorrect description text for SQL Injection security test on scan policy editor dialog
  • Fixed "Maximum 404 Pages to Attack" scan policy option which was previously limiting the maximum page number to 10 no matter what set with this option
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy