Home
/
Documentation
/
Invicti Standard Release Notes
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
Release Notes

Invicti Standard

RSS FEED
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW FEATURE

  • Improved PDF reports.

IMPROVEMENT

  • Increased performance.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY TEST

  • Redirect BODY is too large and Redirect includes 2 Responses.

NEW FEATURE

  • MS Live ID, SSO Authentication Support.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

IMPROVEMENTS

  • Vulnerability Database Update
  • Configure Authentication user interface enhancements.

BUG FIX

  • Fixed issues in Form authentication logout detection.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW FEATURES

  • Windows 8/Server 2012 Support.

IMPROVEMENT

  • Vulnerability Database Update.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • SSL Checks added
  • Tomcat default files check added
  • ASP.NET MVC version disclosure check added
  • Mongrel and Nginx version disclosure checks added.

NEW FEATURES

  • Added the Vulnerability Database
  • Simultaneous Crawl & Attack.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

IMPROVEMENTS

  • Updated vulnerability database
  • Updated fingerprinting tables for WordPress and Movable Type
  • Improved the language used in knowledge base templates.

BUG FIXES

  • Fixed a bug to prevent auto update message dialog when the auto update setting is disabled
  • Fixed a bug in meta tag parser to match the correct generator version.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Detect web statistic applications
  • Web.config check added
  • WS_FTP log check added
  • Perl RCE (Remote Code Evaluation) checks added.

NEW FEATURES

  • Ability to scan much bigger websites with high performance
  • Faster scans
  • 2 New scan reports added.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Possible Windows Username Disclosure
  • LigHTTPD Directory Listing
  • Nginx Directory Listing
  • LiteSpeed Directory Listing
  • Generic Email Address Disclosure
  • LigHTTPD Version Disclosure
  • Nginx Version Disclosure
  • SharePoint Version Disclosure
  • IIS 8 Default Page Detection
  • Struts2 Development Mode Enabled.

NEW FEATURES

  • Seamless Update Support
  • Error Reporting and Help Desk Integration
  • Custom HTTP Header Support.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Ruby on Rails Remote Code Execution vulnerability
  • Off the shelf Web Application Fingerprinting and detection of known security issues (Such as WordPress, Joomla and Drupal)
  • Version disclosure checks for Apache module mod_ssl, Ruby and WEBrick HTTP web server
  • Identification of phpMyAdmin and Webalizer
  • Detection of SHTML error messages that could disclose sensitive information
  • New WebDAV engine that detects WebDAV implementation security issues and vulnerabilities
  • Server-Side Includes (SSI) Injection checks.

NEW FEATURES

  • Scan Policy Editor that allows you to build own scan policies for more efficient web application security scans.
  • Oracle CHR encoding and decoding facility in the Encoder pane
  • Support for multiple exclude and include URL patterns which can also be specified in REGEX
  • Knowledge base node where additional information about the scanned website is reported to the user
  • New PCI Compliance Report template.

IMPROVEMENTS

  • Default include and exclude URL pattern has been improved
  • DOM Parser now supports proxies and client certification support
  • The performance of the Controlled Scan user interface has been improved
  • HTTP Response text editor automatically scrolls to the first highlighted text when viewed
  • Improved vulnerability classifications
  • Vulnerability templates text has been improved
  • Updated the look and feel of the vulnerability templates
  • Version vulnerability database updated with new web applications version for better finger printing
  • Cross-site scripting exploit generation improved
  • Improved confirmed vulnerability representation on Detailed Scan Report
  • Internal Path Disclosure for Windows and Unix security tests have been improved
  • Improved version disclosure security tests for Perl and ASP.NET MVC
  • Start a Scan user interface by moving rarely used settings to Invicti general settings
  • Improved the performance of security scans which are started using the same Invicti process
  • Scope documentation text has been updated
  • Updated WASC links to point to the exact threat classification page
  • Improved custom 404 detection on sites where the start URL is redirected.

BUG FIXES

  • Fixed a bug in XSS report templates where plus char encoding was wrong
  • Fixed a bug which causes multibyte unicode characters to be corrupted upon retrieval
  • Fixed a bug where "Auto Complete Enabled" isn't reported
  • Fixed a bug where Community Edition was asking for exporting sessions
  • Fixed a bug causes redundant responses to be stored on redirects
  • Fixed a bug causing a NullReferenceException during reporting
  • Fixed a bug where custom cookies are not preserved when an exported session is imported
  • Fixed a bug on report templates where extra fields were missing when there are multiple fields
  • Fixed the radio button overlap issue on Encoder panel for high DPIs
  • Fixed an issue where CSRF tokens weren't applied for time based (blind) engines in late confirmation
  • Fixed an issue where data grids on Settings dialog were preventing to cancel the dialog when an invalid row is present
  • Fixed an issue where some logouts occurred on attack phase couldn't be detected
  • Fixed a bug which causes requests to URLs containing text HTMLElementInputClass
  • Fixed a bug where the injection request/response could be clipped wrong in the middle of HTML tags
  • Fixed the size of the Configure Authentication wizard for higher DPIs
  • Fixed an issue with CLI interpretation where built-in profiles couldn't be specified
  • Fixed the COMException thrown on Configure Authentication wizard on pages that contain JavaScript calls to window.close()
  • Fixed clipped text issue on scan summary dashboard severity bar chart
  • Fixed the anchors to vulnerability details in OWASP Top Ten 2010 report template
  • Fixed incorrect buttons sizes on message dialogs on high DPI settings
  • Fixed a startup crash which occurs on systems where "Use FIPS compliant algorithms for encryption, hashing, and signing" group policy setting is enabled
  • Fixed click sounds on vulnerability view tab
  • Fixed an issue where find next button was not working on HTTP Request / Response tab
  • Fixed a bug on Configure Authentication wizard occurs when the response contains multiple headers with same names.


Note: Due to major updates to the scan files, Invicti version 3 cannot open scans exported with previous versions of Invicti (.nss files).

18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • HTTP Strict Transport Security (HSTS) Test
  • Shell Script Found detection
  • XHTML XSS Attack
  • Database Connection String Found vulnerability
  • Possible Administration Page Found Issue
  • UNC Server and Share Disclosure.

NEW FEATURES

  • Integration with Bug Tracking Tools and Send To Feature
  • Generate Exploit Feature
  • OWASP Top Ten Report.

IMPROVEMENTS

  • Vulnerability Database Update
  • Performance Improvements.
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW WEB SECURITY CHECKS

  • Expression Language Injection check added
  • MyFaces Stack Trace Disclosure check added
  • Mongrel Server Version Disclosure check added
  • Password over GET check added
  • WebLogic Detection check added
  • Elmah.axd Detection check added
  • OpenSSL vulnerabilities added to Vulnerability Database
  • PHP vulnerabilities added to Vulnerability Database.

NEW FEATURES

  • New Authentication System (SSO, Multiple-step Authentication, Extensibility)
  • New Injection Points added
  • Comparison Reports added
  • New dashboard
  • Complete x64 Support
  • Ability to scan large websites (2M+ requests without any problems).
18-Mar-2015
COPY LINK

Read the blog post for more details about this version

NEW FEATURES

  • Controlled Scan
  • Retest single vulnerability.

NEW WEB SECURITY TESTS

  • Silverlight Open Access Policy / Silverlight Access Policy Found Checks
  • Django Stack Trace Disclosure Check
  • MySQL Username Disclosure Check
  • New Backup File Checks
  • X-XSS-Protection Check.