Invicti Standard 01 Nov 2016

New Technical Check


  • Improved the Content Security Policy (CSP) and “Misconfigured Access-Control-Allow-Origin Header” vulnerability templates.
  • Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources.
  • Team Foundation Server Send To action now populates severity and repro steps fields.
  • Improved report generation dialog by remembering the last used settings separately for each report type.
  • Added “Copy as cURL” context menu item to site map.
  • Added support for HTTP POST method while using Open in Browser site map context menu option.
  • Added support for attacking to User-Agent and Referer request headers.
  • Improved scan session export dialog by suggesting default file names.
  • Improved the coverage of the boolean SQL injection vulnerability engine.
  • Improved GitHub send to configuration by check the existence of the specified repository.


  • Fixed various encoding issues on request builder.
  • Fixed the splash screen issue where it opens on wrong monitor on multi monitor setups.
  • Fixed External CSS, Script and Frame knowledge base items which do not consider the port while performing checks.
  • Fixed the missing method values on vulnerability summary table of reports.
  • Fixed the missing dashboard statistics when a scan session is imported.
  • Fixed the site map Copy URL issue for some nodes which were missing URL information.
  • Fixed a hang that may occur when windows gets locked, goes to sleep or hibernation.
  • Fixed an issue with auto save where scan is not saved during the extra confirmation phase.
  • Fixed an issue in open redirect detection where incorrect URLs may also be reported.
  • Fixed the zero progress bar issue on loaded scan files.
  • Fixed various CSP vulnerability highlight issues.
  • Fixed an issue related with form authentication which prevents logout detection during attacking phase.
  • Fixed an issue related with temp file generation.
  • Fixed an Local File Inclusion vulnerability detection issue when attacked with a FullUrl payload.
  • Fixed an extra tab on Scanned URLs List (CSV) report template.
  • Fixed the size of scan policy editor dialog on screens with high DPI.
  • Fixed the incorrect severity icon on site map when a vulnerability is selected.
  • Fixed an incorrect retest result occurs when the target web site is not reachable.
  • Fixed a CSP vulnerability issue for deprecated CSP header name on meta tags.
  • Fixed the remaining registry keys after uninstall.