Invicti Enterprise On-Premises 25 May 2023 v23.5.0

New security checks

  • Added new patterns for GraphQL attack usage.
  • Added new attack pattern to CommandInjection.xml.
  • Implemented Bootstrap Libraries Detection.
  • Added Out-of-Date vulnerability for mod_ssl.
  • Added a report template and vulnerability type for Spring Framework Identified.
  • Added JavaMelody Interface Detected Signature.
  • Added support for nested objects in GraphQL attacks.

Improvements

  • Added the discovery source option to filters on the discovered websites page.
  • Added the AWS badge to the Discovery Service to mark the assets identified via the AWS connection.
  • Improved the Linux agents to work in FIPS-enabled environments.
  • Updated the IAST Bridge to improve the communication between the bridge and the scanner agent.
  • Added a null check for imported HAR files.
  • Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
  • Improved the communication between the agent and the web application so that it ends after three attempts if the internal agent has wrong information.
  • Updated IAST NuGet PHP package.
  • Updated StaticDetection.xml & StaticResourceFinder.xml.
  • Changed WAF Identification Signature for F5 Big IP.
  • Added service worker request support for authentication, login simulation, and crawling.

Fixes

  • Fixed the AWS connection issue to let customers add internal EC2 instances.
  • Fixed an issue that caused high memory usage while collecting form values.
  • Fixed the issue that caused the date and time format to change during Postman file import.
  • Fixed the next scheduled scan execution time information on the user interface.
  • Fixed the issue that displayed “vulnerability not found” on the user interface although the vulnerability was identified.
  • Fixed the control issue that threw an “internal server error” when exporting a scan from Invicti Standard to the Enterprise.
  • Fixed the issue that allowed a user with permission to add/edit a website group to view all account websites.
  • Fixed the issue where the Knowledge Base report showed the old Invicti logo.
  • Fixed the untrusted certificate error for internal proxies.