🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
4-Jul-2016
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
04 Jul 2016

4-Jul-2016

NEW FEATURES

  • Support and Scanning of RESTful web services.
  • Auto Heuristic URL Rewrite Rules can be used with Custom URL Rewrite rules during a website security scan.
  • New Reporting utility.
  • Added the new option "Crawl & Attack at the Same Time" setting to new scan page.

NEW SECURITY CHECKS

  • Added Samesite cookie attribute check.
  • Added Reverse Tabnabbing check.
  • Added Subresource Integrity (SRI) Not Implemented check.
  • Added Subresource Integrity (SRI) Hash Invalid check.

IMPROVEMENTS

  • Various memory usage improvements to better handle large websites.
  • Improved vulnerability templates by adding product information when a 3rd party web application (WordPress, Drupal, Joomla, etc.) is discovered.
  • Improved DOM simulation by supporting HTTP responses that is translated to HTML web pages using XSLT.
  • Improved coverage of Local File Inclusion security check engine.
  • Improved the automatic form authentication script to click the "button" HTML elements if no suitable button is found.
  • Improved the "HTML Base Tag Hijacking" vulnerability template.
  • Improved the long-term memory usage of the DOM simulation and cross-site scripting (XSS) scanning.
  • DOM simulation smart filtering now prunes unnecessary DOM branches.
  • Improved the detection of "Redirect Body Too Large" vulnerability.

BUG FIXES

  • Fixed the "Cross-site Scripting via Remote File Inclusion" vulnerability, which was not being confirmed automatically.
  • Fixed the incorrect form value issue when the #DEFAULT# form value is removed.
  • Fixed an HTTP Archive Importer issue during which the POST method was parsed as GET when postData is empty.
  • Fixed a bug in which a GWT parameter that contained a Base64 encoded value was not detected.
  • Fixed a time span parsing bug in Knowledge base report templates.
  • Fixed an issue in which some vulnerabilities are treated as fixed while retesting.
  • Fixed an issue in which XSS proof URL was missing alert function call.
  • Fixed the broken "Generate Debug Info" function of JavaScript simulation feature.
  • Fixed a NullReferenceException that can be thrown by the Subresource integrity security checks.
  • Fixed cURL login sample in API documentation.
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy