Invicti Enterprise On-Demand 13 Jun 2024 v24.6.0
This update includes changes to the internal agents. The internal scan agent’s current version is 24.6.0. The internal authentication verifier agent’s current version is 24.6.0.
New Features
- Added functionality for scanning gRPC API Web Services → Learn more
New Security Checks
- Added a new attack pattern for missing Open Redirection
Improvements
- Updated to the latest Chromium version to improve security and performance → Learn more
- Added an option to trigger only specified lists of events
- Added a 100MB limit to the maximum total file size for imported link files
- Added an option to the GitHub Actions CI/CD integration to fail a build if a vulnerability with a specific severity is found during the scan
- Added a Y-axis to the Severity Trend graph in the dashboard
- Updated all the IAST Sensors:
- .NET Framework and .NET Core 6.2.0
- Java 16.0.0
- Node.js 2.1.3
- PHP 8.0.1
- Adjusted the behavior of the website matching option in the Discovery Settings to remove 2nd level domain matching in order to improve the relevance of discovery results
- Added a new option to the Discovery Match Settings (enabled by default) to only show discovery results that have an IP address. This change is intended to prevent the consumption of licenses on targets that cannot be scanned due to the lack of an actual IP address.
- Updated the summary information of the PCI compliance report
Fixes
- Fixed a bug in the Service Now Integration
- Fixed the issue that was causing activity logs to display incorrect owners of failed scans
- Fixed an issue with user-agent selection in scan policies that was causing disabled security check vulnerabilities to appear in the dashboards and scan reports
- Fixed an issue that was causing the agent to not send a heartbeat and become unavailable while archiving and uploading scan results
- Fixed the issue that was preventing updates made in Azure Boards from reflecting in Invicti Enterprise
- Fixed vulnerabilities with the Invicti Scan Agent Docker image
- Fixed the disk space utilization issue that was causing the InvictiCommon folder size to increase significantly during scans
- Resolved an issue with the Business Logic Recorder
- Improved the crawling capability to allow for automatic crawling of XHR requests
- Fixed the missing technology details on the scan summary and scan report pages
- Fixed an AWS4Signer authentication issue