Invicti Product Release Notes
04 May 2016
NEW FEATURES
- Ability to export the scanners' findings as ModSecurity web application firewall rules.
- Scan Time Window, which lets you specify when the scanner may and may not scan your website.
NEW SECURITY CHECKS
- Detection of SQLite Database files.
- Detection of Microsoft Outlook Personal Folders File (.pst) files.
- Detection of DS_Store files.
- Detection of SVN files, supporting the latest version of SVN.
IMPROVEMENTS
- Improved the "Long attack - boot.ini" LFI attack.
- Added Internet Explorer 10, 11 and Microsoft Edge browser user agent values.
- Improved the performance of the scan session auto saves.
- Improved link importing to better handle relative URLs.
- Improved the "MIME Types" knowledge base list by ordering items alphabetically.
- Added "Extract static resources" option to JavaScript scan policy settings.
- Improved the coverage of the XML External Entity engine.
FIXES
- Fixed an attacking issue that occurred when retesting a vulnerability in an incremental scan.
- Fixed a link parsing issue in the text parser where links were incorrectly split.
- Fixed a form authentication "Override Target URL with authenticated page" issue which caused a wrong URL to be identified as the "Target URL".
- Fixed a highlighting issue where the URL for the "Insecure Frame (External)" vulnerability was only partially highlighted.
- Fixed an incorrect "Source Code Disclosure" vulnerability report when the response contained an ASP.NET event validation code sample.
- Fixed a broken link in XSS vulnerability templates.