🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management

100% Signal 0% Noise
Platform
Platform Overview
Features
CAPABILITIES
Web Application Security
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
v24.7.0 - 9 July 2024
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
09 Jul 2024

v24.7.0 - 9 July 2024

This update includes changes to the internal agents. The internal scan agent’s current version is 24.7.0. The internal authentication verifier agent’s current version is 24.7.0.

New Features

  • Added custom headers for communication between Agents and Invicti Hawk
  • Added a warning message when creating scan targets for websites that do not have a hostname mapped to an IP address

New Security Checks

  • Added detection for supply chain attacks through Polyfill JS
  • Added detection for GeoServer SQLi (CVE-2023-25157)
  • Added checks for various WordPress plugins

Improvements

  • Improved Credit Card Disclosure Security Check
  • Set the severity of 'Possible XSS' vulnerabilities to 'Informational'
  • Improved various Sensitive Data Exposure security checks
  • Improved detection of the Short SSL Key Length vulnerability
  • Added capability to check for Sensitive Data in XML responses

Fixes

  • Fixed missing Request Body content in vulnerability details
  • Fixed an issue with the selection of agent groups
  • Fixed an issue with the order in which internal agent scans are initiated
  • Fixed an issue with the 'Ignore Certificate Errors' Agent setting for SSL Validation
  • Fixed a download problem with PCI reports
  • Fixed an issue with the SSO login that was causing incorrect redirects
  • Removed references to 3.2 in the PCI DSS Compliance scan summary
  • Fixed an issue with the Azure Boards integration reopening old vulnerabilities that do not link to active issues in Invicti Enterprise
  • Fixed a timeout issue that was occurring on a prerequest script
  • Fixed a problem in the JWT Engine to resolve a false positive issue
  • Updated vulnerable OpenSSL libraries to secure versions
  • Fixed a bug in the Checkout Logout Detection so that it now chooses the same verification agent as the verification process
  • Fixed an issue related to the OTA app scan
  • Fixed HTTP 413 responses resulting from nonce cookies stacking
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy