2-Dec-2019
Invicti Product Release Notes

NEW FEATURES

  • Introduced Technologies feature which finds and lists the technologies used in web applications and reports on problems
  • Added out-of-the-box issue tracking integration for PagerDuty, Clubhouse, Trello, Asana, Webhook, Microsoft Teams, and CircleCI
  • Added new API endpoints for managing Team Members and listing Activity Logs
  • Added a new Scan Profiles page in the Scans menu
  • Added a new Comments box to the New Scan window, accessible while launching scans
  • Added facility to send New Scan notifications using the Slack integration
  • Upgraded the Invicti scanning engine to version 5.5.1.26518

NEW SECURITY CHECKS

  • Added a new Security Check – HTTP Parameter Pollution (HPP)
  • Added a new Security Check – BREACH Attack Detection
  • Added Out-of-Date checks for Ext JS
  • Added Oracle Cloud and Packet Cloud SSRF attack patterns
  • Added a Web Cache Deception engine to the list of Security Checks
  • Added a new XXE pattern for detecting the Axway SecureTransport 5.x XXE vulnerability
  • Added new attack patterns for DOM-based XSS
  • Added new attack patterns for Remote Code Execution in Ruby
  • Added new attack patterns for Out-of-Band Remote Code Execution in Ruby
  • Added new attack patterns for Remote Code Execution in Python
  • Added new attack patterns for an Open Redirect security check
  • Added an email validation bypass payload for XSS
  • Added a header injection XSS pattern
  • Added a security check to determine whether an HTTP website has been implemented with SSL/TLS
  • Added a security check for File Content Disclosure in Ruby on Rails by exploiting an Accept header
  • Added mutation XSS patterns
  • Fixed the SSRF confirmation problem
  • Added Apple’s App-Site Association file detection
  • Added exploitation support for File Content Disclosure in Ruby on Rails, CVE-2019-5418
  • Added new LFI attack patterns for the access.log file
  • Added support for exploiting JSONP endpoints with the format parameter in Ruby on Rails
  • Added support for detecting Python Remote Code Execution
  • Added RFC-compatible SSRF IPv6 patterns
  • Improved the Apache Struts (CVE-2013-2251) attack pattern
  • Added a PHP Injection Fixed One Time Referrer attack
  • Updated the attack value of the PHP Injection Fixed One Time Attack pattern to use short notation instead of the print function
  • Improved the Regex pattern of the WebLogic Version Disclosure pattern
  • Added a PoC pattern for Apache Struts (CVE-2013-2251)
  • Added Out-of-Date checks for the Slick JavaScript library
  • Added Out-of-Date checks for the ScrollReveal JavaScript library
  • Added Out-of-Date checks for the MathJax JavaScript library
  • Added Out-of-Date checks for the Rickshaw JavaScript library
  • Added Out-of-Date checks for the Highcharts JavaScript library
  • Added Out-of-Date checks for the Snap.svg JavaScript library
  • Added Out-of-Date checks for the Flickity JavaScript library
  • Added Out-of-Date checks for the D3.js JavaScript library
  • Added Out-of-Date checks for the Google Charts JavaScript library
  • Added Out-of-Date checks for the Hiawatha and Cherokee servers
  • Added Out-of-Date checks for the Oracle WebLogic server
  • Added Out-of-Date check for IIS
  • Added Version Disclosure detection for the Hiawatha Server
  • Added Version Disclosure detection for the Cherokee Server
  • Added Source Code Disclosure checks for Java Servlets
  • Added Source Code Disclosure checks for Java Server Pages
  • Added new Source Code Disclosure patterns for Java
  • Added detection for .htaccess files
  • Added detection for Opensearch.xml files
  • Added detection for SQLite error messages
  • Added detection for security.txt files
  • Added detection for swagger.json files
  • Added detection for Open Search files

IMPROVEMENTS

  • Added the ability to create custom fields for ServiceNow integration
  • Added auto-detection of the time zone during the sign-up process
  • Improved Jira integration to support raw values for complex custom field types
  • Added a new format option to the Date and Time Format dropdown in the Change Account Settings window
  • Improved the text in Email Notifications
  • Improved the Category field's option names in the New ServiceNow Integration window
  • Improved the Issue template for Azure DevOps integrations
  • Added capability to add User Mapping for hosted Jira systems
  • Added more details to the CSV report which can be generated from the Activity Logs window
  • Added ongoing scan information for the target agent in the Manage Agents window
  • Added the capability to disable the Maximum Scan Duration field in the New Scan window (On-Premises only)

BUG FIXES

  • Fixed an inaccurate warning message that was displayed when canceling a scan
  • Fixed an issue where the Technical Contact was not set as expected in the Edit Website window
  • Fixed an issue where a website could not be added if the target URL contained a hyphen character
  • Fixed an issue where the configured Scan Profile was not used in Azure DevOps integrations
  • Fixed various browser compatibility issues with Safari
  • Fixed a bug where validation was not working as expected for the Hawk settings in the Scan Policy window