Invicti Standard 18 Mar 2015

Read the blog post for more details about this version


  • New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric


  • Improved the performance of the DOM Parser

  • Improved the performance of the DOM cross-site scripting scanner

  • Optimized DOM XSS Scanner to avoid scanning pages with same source code

  • Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string

  • Improved selected element simulation for select HTML elements

  • Added new patterns for Open Redirect engine


  • Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag

  • Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response

  • Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed

  • Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates

  • Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested

  • Fixed a bug in DOM Parser where events are not simulated for elements inside frames

  • Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response