Home
/
Documentation
/
Invicti Application Security Platform Release Notes
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
Release Notes

Invicti Application Security Platform

RSS FEED
30 July 2025
COPY LINK

New features

  • Enhanced DAST scanner with improved performance and vulnerability detection capabilities
  • Fully redesigned user interface and experience
  • New Applications feature allows to group related targets under logical application structures
  • AI-powered web form auto-completion for DAST scans (Read more)
  • AI-powered authentication handling for DAST scans
  • Dynamic targets for integration into CI/CD pipelines (Read more)
  • Detection of IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) vulnerabilities in APIs
  • Improved API analysis through stateful scanning capabilities
  • Concurrent scan support for internal scanning agents
  • Docker-based internal scanning agents
  • Simplified Packages
  • LLM vulnerability detection including:
    • LLM Command Injection
    • LLM-enabled Server-side Request Forgery (SSRF)
    • LLM Insecure Output Handling
    • Tool Usage Exposure
    • Prompt Injection
    • System Prompt Leakage
    • LLM Fingerprinting (Read more)
14 August 2025
COPY LINK

New features

  • Added the ability to restrict HTTP methods for a DAST scans on a Target
  • Added "Export to file" bulk action in Projects
  • Added "Sync vulnerabilities" bulk action in Projects
  • Added "Last updated" per SAST source in Projects
  • Added "Export to file" action in Projects
  • Added "Sync vulnerabilities" action in Projects
  • Added handling of custom namespaces in specifications for WSDL imports
  • Added NTA Standalone mode
  • Added details about an API operation to API catalog
  • Added "Scan comparison" feature to Past scans tab
  • Added a scan message when AI-aided login is used
  • Implemented automation to push vulnerabilities into issue trackers every time they are found, creating new or updating existing work items if needed
  • Added vulnerability assignment to a specific user
  • Implemented standard and compliance reports for Application consolidating all SAST asset vulnerabilities for a comprehensive application security overview
  • Added "Most vulnerable technologies" list to the Application dashboard
  • Added filtering by application, asset, and environment to the Vulnerabilities page
  • Added information on the status and version of the installed NTA to the API sources section in Discovery Configuration
28 August 2025
COPY LINK

New features

  • Scanning stops automatically when a 429 status is received without a retry-after header
  • Implemented Trend Matrix for DAST Targets
  • AI-Aided Login automatically regenerates invalid reused LSR files
  • Added support for tracking session tokens in URL Parameters for LSR recorder
  • DeepScan now scans all path fragments discovered in locations for potential vulnerabilities
  • Added a filter on the Vulnerabilities page to show vulnerabilities found on APIs
  • Added support in AI-Aided Login for saving AI-generated LSR files
  • Improved Agents Page with an updated design for better navigation and readability
  • Added the Technologies tab to the Application dashboard
  • Added user provisioning with SCIM 2.0 for Teams
11 September 2025
COPY LINK

New feature

  • Added Vulnerabilities widgets to the Target Trend Matrix
  • The User Agent string is now displayed in Scan Configuration settings for each Target
  • Updated the scanner error message for status code 429 (Too Many Requests)
  • Added display of Mean Time to Remediate grouped by severity and indicated vulnerabilities exceeding MTTR
  • The Vulnerability drawer is now accessible in the Trend Matrix
  • Added the ability to export the Trend Matrix to CSV
  • Added filtering options for the Trend Matrix
  • Introduced the Trend Matrix for Applications
  • Improved the display of scan duration in reports
  • Added a custom User Agent option in Scan Configuration for Targets
  • FQDN utilization is now displayed in the side menu
  • Implemented automatic DAST scans in the GitHub Actions CI/CD pipeline

Improvements

  • Scan Profiles are now required for CI/CD integrations

Resolved issues

  • Resolved an issue that prevented manually entered sensor secrets from being saved
  • Enhanced scan summaries to provide clearer explanations for aborted scans
  • Resolved multiple issues related to HTTP/2 and LSR processing
  • Resolved handling of aborted scans in the CLI
  • Resolved an issue with restricted HTTP methods to ensure scan script requests are properly blocked
  • Resolved an issue with Jira bi-directional sync to ensure status updates are accurately reflected
  • Resolved an issue where scan progress displayed 100% without matching the actual scanner status