Invicti Enterprise On-Demand 28 Sep 2023 v23.9.1

New features

  • Added new options to the dashboard for selecting date ranges, including creating custom time periods
  • Added a notification to the scan results page to show the VDB update version and Invicti Hawk connectivity status for the agent used in the scan
  • Added an encoder for sensitive data (password, session cookie, token, etc.)

New security checks

  • Added jQuery placeholder detection methods
  • Added a new security check for the Missing X-Content-Type-Options vulnerability

Improvements

  • Improved the JS Delivery CDN disclosure check to increase stability
  • Improved the remediation section for the Weak Ciphers Enabled vulnerability
  • Reduced the certainty value to 90 for the Robot Attack Detected vulnerability
  • Improved the detection method for CSP
  • Improved the detection method for the Dockerignore File Detected vulnerability
  • Improved the detection method for the Docker Cloud Stack File Detected vulnerability

Fixes

  • Fixed an issue with imported links in the API
  • Fixed a bug in the scan URL rewrite rules
  • Fixed a bug that was preventing retest scans from starting correctly when the vulnerability states were changed from ‘Reviewed’ to ‘Fixed (Unconfirmed)’
  • Fixed a bug with disabling the scheduled scans list
  • Fixed an issue with viewing the Account Edit page
  • Added the missing CVE to the issue details for the “Out-of-date Version (jQuery Validation)” vulnerability
  • Fixed some bugs that were affecting BLR
  • Encrypted proxy password details when used in the Agent
  • Fixed a custom proxy bypass list issue
  • Fixed a unique analyzer bug for the WSDL importer
  • Improved our XSS capabilities
  • Fixed an NTLM login issue