🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
v23.8.0
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
17 Aug 2023

v23.8.0

Important note

  • Customers currently using version 23.7.0 on Windows running internal agents will need to perform additional steps in order for this update to run successfully in their environment. Affected customers have been contacted directly with more information.

New features

  • [Closed beta] Added the Team Administrator default role
  • Changed compression tool from 7zip to Tar
  • Added Diana.jl support for GraphQL Library Detection
  • Added Hot Chocolate support for GraphQL Library Detection
  • Added Zero Day Vulnerability for MOVEit Software

Improvements

  • Improved the scan deletion process
  • Improved the authentication agent to carry out any stepped authentication, such as first Form Authentication then OAuth2 
  • Added filter for discovered websites via AWS connection 
  • Enabled regex case sensitivity for attack payloads
  • Updated Boolean NoSQL / SQL Injection attack payloads
  • Expanded scenarios for Discovery Service with AWS Connections
  • Improved performance when updating vulnerability lookups
  • Improved performance of database indexes
  • Improved added API endpoints for Custom Scripts
  • Improved performance for Issues Report API endpoint
  • Improved detection of IT Hit WebDav Server .Net versions
  • Improved Internal Path Disclosure detection
  • Improved Remediation Advice for Autocomplete Enabled vulnerability
  • Improved detection logic for LFI vulnerability
  • Improved identification and version disclosure for PopperJS, CanvasJS, and Next.js
  • Improved WAF Detection for F5 BIG IP

Fixes

  • Fixed PCI Report generation error when selecting a specific group
  • Fixed the issue that prevents users from saving the scan profile when the Is Regex checkbox next to the Excluded Path field is selected on the URL Rewrite page
  • Fixed the timezone problem on the Knowledge Base Reports
  • Fixed issue with scans stopping with the Find & Follow New Links option enabled
  • Fixed issue with agent compression of chromium and node files
  • Fixed null value exception with REST API
  • Fixed InvalidCastException with REST API
  • Fixed ArgumentNullException with Custom Security Checks
  • Fixed Access Denied error when attempting to delete scan files which were already previously deleted
  • Fixed cannot login to web app after changing database password
  • Fixed unclear results with PCI reports with edge date ranges
  • Fixed BLR cannot fill address fields
  • Fixed licensing issue when adding a previously-deleted website
  • Fixed adding some MongoDB vulnerabilities to Knowledge Base report
  • Fixed importing Swagger/OpenAPI links
  • Fixed Discovery Service issue with AWS Connection throttling
  • Fixed authentication failure with MFA recovery codes
  • Fixed license file corruption issue during version upgrade
  • Fixed scans unauthenticated after successful authentication verification
  • Fixed Linux agent update issue
  • Fixed the data type detection when importing Swagger schemas
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy