Invicti Enterprise On-Premises 16 Mar 2023 v23.3.0

New features

  • Added the Maximum 404 Signatures field to scan policies.
  • Added an option to exclude issues’ history from reports.
  • Added an option to set a timeout value for agents to be set as Unavailable if they are stuck

New security checks

  • Added the JSON Web Tokens detected check.
  • Added JWT Token Forgery through Kid by using static files.


  • Improved the JSON Web Tokens’ vulnerability logic.
  • Updated JWT Token Forgery check condition.
  • Extended excluded header names with new headers.
  • Improved the JWT Token Finder Regex in the JWT engine.
  • Updated the embedded Chromium browser.
  • Added the permission check to download reports.
  • Added a parameter (ImportedLinks) for imported links to the /scanprofiles/new API endpoint.
  • Improved the global dashboard performance.
  • Added records limit to avoid Out-of-Memory exceptions on reports.
  • Added the link scope check for the user-controllable cookie vulnerability.
  • Improved the default browser settings to be reflected in the business logic recorder (BLR).
  • [Early Access] Created a queue to store scan results and register results asynchronously.
  • Improved the web app and agent communication.
  • Improved the performance of the scan report API endpoint.


  • Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
  • Fixed accessibility issue in the scan optimizer pop-up.
  • Fixed special character problems in Crawled and Scanned URLs reports.
  • Fixed “file in use error” while archiving scan logs.
  • Fixed the OAuth 2.0 authentication problem caused by the failure to get code information and certification validation in out-of-scope links. Fixed missing cookies for the JSON Web Tokens attack requests.
  • Fixed the text parser extension issue that caused agents stuck.
  • Fixed the vulnerability family issue that caused the Hawk not to detect issues.
  • Fixed the bug that threw an error when the Require SAML assertions to be encrypted checkbox is not selected on the Single Sign-on page.
  • Fixed a bug that caused scans to be canceled unexpectedly.
  • Fixed a bug that caused scans to terminate prematurely due to incorrect time settings.
  • Fixed the exception issue for the internal authentication verifier.
  • Fixed the cloud agent issue that was stuck in the launching stage.
  • Fixed the host unavailable issue that was thrown for sub-target URLs.
  • Updated the docker agent package for the 64-bit process.