Invicti Enterprise On-Demand 24 Apr 2023
This update includes changes to the internal agents. The internal scan agent’s current version is 23.4.0. The internal authentication verifier agent’s current version is 23.4.0
New security checks
- Added new patterns for GrapQL attack usage.
- Added new attack pattern to CommandInjection.xml.
- Implemented Bootstrap Libraries Detection.
- Added Out-of-Date vulnerability for mod_ssl.
- Added a report template and vulnerability type for Spring Framework Identified.
- Added JavaMelody Interface Detected Signature.
- Added the support for Nested objects for GraphQL attacks.
Improvements
- Updated Invicti Enterprise with the new brand logo.
- Added the discovery source option to filters on the discovered websites page.
- Added the AWS badge to the Discovery Service to identify the assets identified via the AWS connection.
- Improved the Linux agents to work in the FIPS-enabled environment.
- Updated the IAST Bridge to improve the communication between the bridge and the scanner agent.
- Added a null check for HAR files imported.
- Improved the agent and web application communication to end it after three attempts if the internal agent has wrong information.
- Updated IAST NuGet PHP package.
- Updated StaticDetection.xml & StaticResourceFinder.xml.
- Changed WAF Identification Signature for F5 Big IP.
- Added external schema import to solve a WSDL file importing another WSDL file.
- Added service worker request support for authentication, login simulation, and crawling.
Fixes
- Fixed the issue with a folder name with blanks to prevent the Unquoted Service Path vulnerability.
- Fixed the AWS connection issue to let customers add internal EC2 instances.
- Fixed an issue that caused high memory usage while collecting form values.
- Fixed the issue that caused the change in the date and time format during the Postman file importing.
- Fixed the next scheduled scan execution time information on the user interface.
- Fixed the issue that displayed “vulnerability not found” on the user interface although the vulnerability is identified.
- Fixed the control issue that threw an “internal server error” when exporting a scan from Invicti Standard to the Enterprise.
- Fixed the “Catastrophic Backtracking” in Whoops Debugging detection.