🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
v23.3.0
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
16 Mar 2023

v23.3.0

New features

  • Added the Maximum 404 Signatures field to scan policies.
  • Added an option to exclude issues’ history from reports.
  • Added an option to set a timeout value for agents to be set as Unavailable if they are stuck

New security checks

  • Added the JSON Web Tokens detected check.
  • Added JWT Token Forgery through Kid by using static files.

Improvements

  • Improved the JSON Web Tokens' vulnerability logic.
  • Updated JWT Token Forgery check condition.
  • Extended excluded header names with new headers.
  • Improved the JWT Token Finder Regex in the JWT engine.
  • Updated the embedded Chromium browser.
  • Added the permission check to download reports.
  • Added a parameter (ImportedLinks) for imported links to the /scanprofiles/new API endpoint.
  • Improved the global dashboard performance.
  • Added records limit to avoid Out-of-Memory exceptions on reports.
  • Added the link scope check for the user-controllable cookie vulnerability.
  • Improved the default browser settings to be reflected in the business logic recorder (BLR).
  • [Early Access] Created a queue to store scan results and register results asynchronously.
  • Improved the web app and agent communication.
  • Improved the performance of the scan report API endpoint.

Fixes

  • Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
  • Fixed accessibility issue in the scan optimizer pop-up.
  • Fixed special character problems in Crawled and Scanned URLs reports.
  • Fixed "file in use error" while archiving scan logs.
  • Fixed the OAuth 2.0 authentication problem caused by the failure to get code information and certification validation in out-of-scope links. Fixed missing cookies for the JSON Web Tokens attack requests.
  • Fixed the text parser extension issue that caused agents stuck.
  • Fixed the vulnerability family issue that caused the Hawk not to detect issues.
  • Fixed the bug that threw an error when the Require SAML assertions to be encrypted checkbox is not selected on the Single Sign-on page.
  • Fixed a bug that caused scans to be canceled unexpectedly.
  • Fixed a bug that caused scans to terminate prematurely due to incorrect time settings.
  • Fixed the exception issue for the internal authentication verifier.
  • Fixed the cloud agent issue that was stuck in the launching stage.
  • Fixed the host unavailable issue that was thrown for sub-target URLs.
  • Updated the docker agent package for the 64-bit process.
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy