Invicti Enterprise On-Premises 29 Jan 2016

New Features

  • Added “Fixed Vulnerabilities” chart to website and global dashboard
  • Added vulnerability list to website dashboard


  • Improved support for Single Page Applications (SPA) and dynamic web applications by rewriting the DOM parser
  • Improved DOM Parser and DOM XSS performance
  • Added trend report support for all scan groups
  • Improved cookie validation on the new scan page
  • Removed web application fingerprint step from the Scan Policy Optimizer wizard
  • Added tooltips for URL rewrite settings on the new scan page
  • Added automatic exploitation for Boolean and Blind SQL Injection vulnerabilities
  • Added proof of concept for blind SQLi vulnerabilities
  • Added “Proofs” knowledge base nodes
  • Improved “Remember Me” functionality on the login page
  • Removed out-of-scope links from the URL rewrite report
  • Added HTTP response status code 308 to the list of redirect status codes
  • Added Crawling and Scan Performance knowledge base nodes
  • Eliminated the web application fingerprinter’s meta tag requests by reusing the crawled link response
  • Improved performance of the email disclosure detection pattern significantly
  • Added .svg to the default set of ignored extensions in the policy settings

Bug Fixes

  • Fixed the documentation of conditionally required fields in the API
  • Fixed editing issues in the collective editor of vulnerability tasks
  • Disabled website verification for on-premises installations
  • Fixed a bug which could occur while taking a screenshot during the scan
  • Fixed a bug that occurs when a proof of concept is empty
  • Fixed a FileNotFoundException that occurs while caching DOM requests
  • Fixed the explanation text for Entered Path and Below scope
  • Fixed the SSL/TLS fallback code to cover more HTTPS websites
  • Fixed an out-of-date JavaScript library version issue where the identified version was higher than Invicti’s latest version
  • Fixed the slow performance issue which occurs when “Automatically Detect Settings” proxy setting is enabled
  • Fixed an out-of-date JavaScript library version issue where the version value cannot be captured
  • Fixed a “not found” detection issue where redirect analysis fails on redirect cases