Invicti Standard 24 Apr 2023 v23.4.0

Version information: 23.4.0.40376

New security checks

• Added new patterns for GrapQL attack usage.
• Added new attack pattern to CommandInjection.xml.
• Implemented Bootstrap Libraries Detection.
• Added Out-of-Date vulnerability for mod_ssl.
• Added a report template and vulnerability type for Spring Framework Identified.
• Added JavaMelody Interface Detected Signature.
• Changed WAF Identification Signature for F5 Big IP.
• Added the support for Nested objects for GraphQL attacks.

Improvements

• Updated Invicti Standard with new brand logo.
• Added external schema import to solve a WSDL file importing another WSDL file.
• Removed the interactive login button from the verifier dialog.
• Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
• Added a null check for HAR files imported.
• Improved the cookie importing process in order for cookies to be compatible with RFC.
• Updated IAST NuGet PHP package.
• Updated StaticDetection.xml & StaticResourceFinder.xml.
• Added service worker request support for authentication, login simulation, and crawling.

Fixes

• Fixed an issue that caused high memory usage while collecting form values.
• Fixed the untrusted certificate error for internal proxies.
• Fixed the issue that caused the change in the date and time format during the Postman file importing.
• Fixed the Linux agents problem that failed to work in the FIPS-enabled environment.
• Fixed the untrusted certificate error for internal proxies.
• Fixed the “Catastrophic Backtracking” in Whoops Debugging detection.