🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
30-Sep-2020
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
30 Sep 2020

30-Sep-2020

NEW FEATURES

  • Added a new signature limit for URL Rewrite matched links
  • Added a crawling limit for Not found (404) links
  • Added a WASC Classification Report template
  • Added an option to exclude authentication pages and removed authentication related regexes from the default settings

NEW SECURITY CHECKS

  • Added Out-of-date security checks for the Liferay portal
  • Added Version Disclosure and Out-of-date security checks for Jolokia
  • Added Nested XSS security checks
  • Added an ASP.NET Razor SSTI security check
  • Added a Java Pebble SSTI security check
  • Added a Theymeleaf SSTI security check
  • Added Version Disclosure and Out-of-date security checks for Grafana

IMPROVEMENTS

  • Improved custom scripting to send raw requests
  • Improved the authenticator to hide passwords in request data in order to prevent exposing them in reports
  • Added an Auto Follow Redirect setting to the Advanced settings
  • Added request and response details to Out of Band vulnerabilities
  • Improved logging for timed out regexes in the Javascript Library Checker
  • Updated signature of Stack Trace/Custom Stack Trace (Python)
  • Improved the memory consumption on long running scans

FIXES

  • Fixed an error that was caused when parsing duplicate response content-type headers
  • Updated Invicti logos, splash screen and icons
  • Fixed reporting of Crawl Performance for crawl-only scans
  • Fixed an issue where Form Value Errors were occurring after simulation was finished
  • Fixed the Maximum Body Length exceeded log message
  • Fixed the log level of the Dom Parser's ignored link message
  • Fixed the Jira Send To application description
  • Fixed an issue that occured when the content-type and accept header was used in a parameter in the Open API (Swagger) file
  • Fixed an issue where the custom Comparison Report was not generated
  • Fixed an ArgumentNullException that was occuring in the TestSiteConfiguration dialog
  • Disabled the LFI button for possible xxe
  • Fixed a certificate error problem on the new ssl checker
  • Fixed the timezone problem on reports
  • Fixed the Executive Summary Report title
  • Fixed an ArgumentException that was thrown when the URI was empty
  • Fixed HIPAA classification links
  • Fixed the issue where the Invicti session importer did not import all links from the session
  • Fixed the bug where the URL was split incorrectly when a segment contained the file extension
  • Fixed the issue responses that were not being analyzed in the Signatures engine during the re-crawl phase
  • Fixed the HIPAA classification link when there are multiple classifications
  • Removed plugin functions that are used to detect bootstrap to prevent false positive versions from being reported
  • Fixed NRE in the static detection engine
  • Fixed the Swagger parser that caused an object to be imported with a parent node while the object was inside an array
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy