04 Jul 2016

Invicti Enterprise On-Premises 04 Jul 2016

NEW FEATURES

Support and Scanning of RESTful web services.
Auto Heuristic URL Rewrite Rules can be used with Custom URL Rewrite rules during a website security scan.
New Reporting utility.
Added the new option “Crawl & Attack at the Same Time” setting to new scan page.

Various memory usage improvements to better handle large websites.
Improved vulnerability templates by adding product information when a 3rd party web application (WordPress, Drupal, Joomla, etc.) is discovered.
Improved DOM simulation by supporting HTTP responses that is translated to HTML web pages using XSLT.
Improved coverage of Local File Inclusion security check engine.
Improved the automatic form authentication script to click the “button” HTML elements if no suitable button is found.
Improved the “HTML Base Tag Hijacking” vulnerability template.
Improved the long-term memory usage of the DOM simulation and cross-site scripting (XSS) scanning.
DOM simulation smart filtering now prunes unnecessary DOM branches.
Improved the detection of “Redirect Body Too Large” vulnerability.

Fixed the “Cross-site Scripting via Remote File Inclusion” vulnerability, which was not being confirmed automatically.
Fixed the incorrect form value issue when the #DEFAULT# form value is removed.
Fixed an HTTP Archive Importer issue during which the POST method was parsed as GET when postData is empty.
Fixed a bug in which a GWT parameter that contained a Base64 encoded value was not detected.
Fixed a time span parsing bug in Knowledge base report templates.
Fixed an issue in which some vulnerabilities are treated as fixed while retesting.
Fixed an issue in which XSS proof URL was missing alert function call.
Fixed the broken “Generate Debug Info” function of JavaScript simulation feature.
Fixed a NullReferenceException that can be thrown by the Subresource integrity security checks.
Fixed cURL login sample in API documentation.