šŸš€ Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
APIĀ Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
v23.5.0
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
25 May 2023

v23.5.0

New security checks

  • Added new patterns for GrapQL attack usage.
  • Added new attack pattern to CommandInjection.xml.
  • Implemented Bootstrap Libraries Detection.
  • Added Out-of-Date vulnerability for mod_ssl.
  • Added a report template and vulnerability type for Spring Framework Identified.
  • Added JavaMelody Interface Detected Signature.
  • Added the support for Nested objects for GraphQL attacks.

Improvements

  • Added the discovery source option to filters on the discovered websites page.
  • Added the AWS badge to the Discovery Service to identify the assets identified via the AWS connection.
  • Improved the Linux agents to work in the FIPS-enabled environment.
  • Updated the IAST Bridge to improve the communication between the bridge and the scanner agent.
  • Added a null check for HAR files imported.
  • Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
  • Improved the agent and web application communication to end it after three attempts if the internal agent has wrong information.
  • Updated IAST NuGet PHP package.
  • Updated StaticDetection.xml & StaticResourceFinder.xml.
  • Changed WAF Identification Signature for F5 Big IP.
  • Added service worker request support for authentication, login simulation, and crawling.

Fixes

  • Fixed the AWS connection issue to let customers add internal EC2 instances.
  • Fixed an issue that caused high memory usage while collecting form values.
  • Fixed the issue that caused the change in the date and time format during the Postman file importing.Ā 
  • Fixed the next scheduled scan execution time information on the user interface.
  • Fixed the issue that displayed "vulnerability not found" on the user interface although the vulnerability is identified.Ā 
  • Fixed the control issue that threw an ā€œinternal server errorā€ when exporting a scan from Invicti Standard to the Enterprise.
  • Fixed the issue that allowed a user with permission to add/edit a website group the ability to view all account websites.
  • Fixed the logo issue that the Knowledge Base report was showing the old Invicti logo.
  • Fixed the untrusted certificate error for internal proxies.
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
Ā© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy