Invicti Enterprise On-Demand 22 Feb 2023
This update includes changes to the internal agents. The internal scan agent’s current version is 23.2.0. The internal authentication verifier agent’s current version is 23.2.0
New features
- Added the Maximum 404 Signatures field to scan policies.
- Added an option to exclude issues’ history from reports.
New security checks
- Added the JSON Web Tokens detected check.
- Added JWT Token Forgery through Kid by using static files.
Improvements
- Improved the JSON Web Tokens’ vulnerability logic.
- Updated JWT Token Forgery check condition.
- Extended excluded header names with new headers.
- Improved the JWT Token Finder Regex in the JWT engine.
- Updated embedded Chromium browser.
- Added the permission check to download reports.
- Added a parameter (ImportedLinks) for imported links to the /scanprofiles/new API endpoint.
- Improved the global dashboard performance.
- Added records limit to avoid Out-of-Memory exceptions on reports.
- Added the link scope check for the user-controllable cookie vulnerability.
- Improved the default browser settings to be reflected in the business logic recorder (BLR).
Fixes
- Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
- Fixed accessibility issue in the scan optimizer pop-up.
- Fixed special character problems in Crawled and Scanned URLs reports.
- Fixed “file in use error” while archiving scan logs.
- Fixed the OAuth 2.0 authentication problem caused by the failure to get code information and certification validation in out-of-scope links.
- Fixed missing cookies for the JSON Web Tokens attack requests.
- Fixed the text parser extension issue that caused agents stuck.
- Fixed the vulnerability family issue that caused the Hawk not to detect issues.