Invicti Standard 18 Mar 2015

Read the blog post for more details about this version


  • Moved Scan Policy settings from Settings dialog to Scan Policy Editor dialog

  • Added “debug” keyword to default sensitive comment keyword list

  • Improved Scan Policy Editor dialog to default to unique policy names when a new policy is created or cloned

  • Improved Custom 404 RegEx validation to prevent empty patterns

  • Improved HTML5 engine to ignore non-HTTP protocols on iframe sources

  • Improved Configure Form Authentication wizard to use the selected Scan Policy settings (Custom headers, proxy, user-agent, etc.) on Start a New Scan dialog

  • Improved Cross-site Scripting vulnerability template


  • Fixed wrong PDF scaling issue which causes fonts to be rendered very small for report templates

  • Fixed DOM Parser InvalidCastException crashes while trying to cast option tags on some cases

  • Fixed form “action” value reported wrong on vulnerability details

  • Fixed Internal Proxy port value setting upper bound to 65535

  • Fixed incorrect attack possibility calculation for XSS confirmation requests

  • Fixed dialog sizes on various screen resolutions and DPIs

  • Fixed some issues in XSS detecting within script blocks

  • Fixed XML attacks where reserved “xmlns” attribute values were being modified

  • Fixed a DOM Parser issue on HTML pages with nested form tags