Invicti Enterprise Update - 26th January 2017
New Features
- Authentication & session verification for form-based authentication.
- Credentials test for Basic and NTLM/Kerberos authentication mechanisms.
- Support for the Invicti Hawk infrastructure, used for detecting SSRF and out-of-band vulnerabilities.
- Added HTTP request rate limiting options to Scan Policy.
- Added "Ignored Email Addresses" section in Scan Policy.
- Added accept and reject options for untrusted SSL certificates.
- Added an option to disable automatic detection of 404 error pages.
- Support for importation of Postman files.
New Security Checks
Improvements
- Improved the performance of several link importers.
- Added "Bearer Token" support for form authentication.
- Added confirmation for Frame Injection vulnerabilities.
- Added http: and https: checks for CSP vulnerability detection.
- Improved link importers - redundant CONNECT requests are now excluded.
- Optimized attacker performance for links containing a single parameter.
- Optimized crawling parser by skipping DOM simulation on pages with static content.
- Improved coverage of CORS security check with extra attacks.
- Removed GWT attacks from file upload security checks.
- Improved DOM simulation performance.
- Improved CSS parsing which now follows CSS import directives.
- Improved coverage of open redirect security checks by adding/updating attack patterns.
- Improved logout detection by skipping JavaScript responses.
- Added support for "HTTP 410 Gone" and "HTTP 451 Unavailable For Legal Reasons" response status codes.
- Added CVSS information to more vulnerabilities.
- Updated vulnerability database.
- Added URL Rewrite mode to Detailed Scan Report.
- Added support for configuring websites on manage groups page.
- Improved the UI & UX of several pages.
Bug Fixes
- Fixed an issue where a “multiple cookies issue” should not be reported.
- Fixed a JSON parsing issue with text parser.
- Fixed an HTTP response issue where the response could not be read because only BOM bytes were sent on the first read attempt.
- Fixed an issue where a false positive file upload vulnerability might be reported.
- Fixed several DOM simulation issues on pages that have many iframe elements.
- Fixed a NullReferenceException while performing an internal MD5 encoding operation.
- Fixed an encoding issue on a proof URL of an XSS vulnerability.
- Fixed an issue where "Shell Script Identified" vulnerability is not found when retested.
- Fixed URL parsing on pages where the URLs contained whitespace characters such as carriage returns and line feeds.
- Fixed a text parsing issue where absolute URLs were converted to invalid relative URLs.
- Fixed incorrect protocol detection for protocol-relative URLs.
- Fixed an issue that occurs when importing websites with Unix line endings.
- Fixed a retest issue that occurs if the vulnerable URL contains a dash character.
- Fixed an issue where SSL details were not shown properly in the knowledge base report.
Invicti Enterprise Update - 1st December 2016
New Feature
Improvements
- Descriptions in Scan Status have been improved to give a better overview.
- Added a new crawling option Find and Follow New Links. Previously it was hidden and always enabled.
- Improved the names of the exported reports by adding the report type as prefix in filename.
Bug Fixes
- Fixed an issue where the target website screenshot was not being captured.
- Fixed the CSS styles in some knowledge base items in the scan report page.
- Fixed an issue where the Upload client certificate button was not working.
Netsparker Enterprise Update - 17th November 2016
Fixes
- Fixed a licensing bug in a third-party library.
Invicti Enterprise Update - 2nd November 2016
New Technical Check
- Added "Cookie Header Contains Multiple Cookies" check
Improvements
- Improved the Content Security Policy (CSP) and "Misconfigured Access-Control-Allow-Origin Header" vulnerability templates.
- Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources.
- Improved the coverage of the boolean SQL injection vulnerability engine.
Fixes
- Fixed an issue which was preventing the deletion of multiple websites.
- Fixed the External CSS, Script and Frame Knowledge Base items which were not considering the port during checks.
- Fixed an issue in the Open Redirect detection where incorrect URLs may also be reported.
- Fixed an issue related to the form authentication which prevents logout detection during attacking phase.
- Fixed a Local File Inclusion (LFI) vulnerability detection issue when attacked with a FullUrl payload.
- Fixed an incorrect retest result which occurs when the target website is not reachable.
- Fixed a CSP vulnerability issue for deprecated CSP header name on meta tags.
Invicti Enterprise Update - 18th October 2016
New Features
New Web Security Checks
Improvements
- Improved the Cross-site Scripting (XSS) vulnerability security checks coverage.
- Renamed "Permanent XSS" vulnerability to "Stored XSS".
- Added type ahead search functionality for Scan Policy > Security Checks.
- Added HTTP methods to AJAX / XML HTTP Requests knowledge base section.
- Optimized the performance of SOAP web service parsing by skipping the WSDLs that are already parsed.
- Added Scan Policy > Crawling options to enable/disable parsing of SOAP and REST web services.
- Improved DOM simulation by simulating "contextmenu" events.
- Increased the default values for "Maximum Page Visit" and "Max. Number of Parameters to Attack on a Single Page" settings.
- Improved XML parsing during crawling by parsing empty XML elements as parameters too.
- Added the ability to attack parameter names.
- Added a note to vulnerability detail for non-exploitable frame injection.
- Added .jhtml and .jsp attacks to file upload engine.
- Improved CORS security checks.
- Improved Open Redirect engine to detect CNAME injection such as example.com.r87.com.
- Improved XSS confirmation for vulnerabilities found inside noscript tags.
- Added an attack pattern to the command injection engine to bypass whitespace filtering using $IFS environment variable.
Bug Fixes
- Fixed a form authentication issue where the last form authentication sequence requests were prematurely cancelled.
- Fixed an issue where incorrect PHP source code disclosures are reported for some binary responses.
- Fixed the broken External Reference link on Remote Code Evaluation (PHP) vulnerability.
- Fixed a file upload input DOM parsing issue which prevents some file upload attacks.
- Fixed a form authentication issue that occurs on web sites that open popups during the form authentication sequence.
- Fixed a DOM simulation issue that occurs when there is a form element with the name "action" on the target web page.
- Fixed duplicate "Email Address Disclosure" reporting issue.
- Fixed a NullReferenceException that occurs during CORS security checks.
- Fixed a CSRF exploit generation issue where the generated file is empty.
- Fixed an issue where XSS vulnerability is missed when multiple redirects occur.
- Fixed a text parsing issue where relative URLs were not supported as base href values.
- Fixed an issue where Missing X-Frame-Options Header vulnerability is reported even though ALLOW-FROM is included in the header.
- Fixed an XSS attacking issue where duplicate attacks are made for same payload.
- Fixed a Header Injection attack issue where first line of the HTTP request gets corrupted on full URL attacks.
- Fixed an issue where post exploitation does not work sometimes.
- Fixed a form authentication issue where any slash character in credentials cannot be used.
Invicti Enterprise Update - 21st September 2016
New Features
Improvements
Bug Fixes
- Fixed wrong website threat levels (they were just representing the last scan's threat level).
- Fixed the security overview chart which was showing only the last scan's threat level for each website.
Invicti Enterprise Update - 30th June 2016
NEW FEATURES
NEW SECURITY CHECKS
- Added SameSite cookie attribute check.
- Added Reverse Tabnabbing check.
- Added Subresource Integrity (SRI) Not Implemented check.
- Added Subresource Integrity (SRI) Hash Invalid check.
IMPROVEMENTS
- Various memory usage improvements to better handle large websites.
- Improved vulnerability templates by adding product information when a 3rd party web application (WordPress, Drupal, Joomla, etc.) is discovered.
- Improved DOM simulation by supporting HTTP responses that are translated to HTML web pages using XSLT.
- Improved coverage of Local File Inclusion security check engine.
- Improved the automatic form authentication script to click the "button" HTML elements if no suitable button is found.
- Improved the "HTML Base Tag Hijacking" vulnerability template.
- Improved the long-term memory usage of the DOM simulation and cross-site scripting (XSS) scanning.
- DOM simulation smart filtering now prunes unnecessary DOM branches.
- Improved the detection of "Redirect Body Too Large" vulnerability.
BUG FIXES
- Fixed the "Cross-site Scripting via Remote File Inclusion" vulnerability, which was not being confirmed automatically.
- Fixed the incorrect form value issue when the #DEFAULT# form value is removed.
- Fixed an HTTP Archive Importer issue during which the POST method was parsed as GET when postData is empty.
- Fixed a bug in which a GWT parameter that contained a Base64 encoded value was not detected.
- Fixed a time span parsing bug in Knowledge base report templates.
- Fixed an issue in which some vulnerabilities are treated as fixed while retesting.
- Fixed an issue in which XSS proof URL was missing alert function call.
- Fixed the broken "Generate Debug Info" function of JavaScript simulation feature.
- Fixed a NullReferenceException that can be thrown by the Subresource integrity security checks.
- Fixed cURL login sample in API documentation.
Netsparker Enterprise Update - 5th May 2016
NEW SECURITY CHECKS
Netsparker Enterprise Update - 4th May 2016
New Features
NEW SECURITY CHECKS
- Detection of SQLite Database files.
- Detection of Microsoft Outlook Personal Folders File (.pst) files.
- Detection of DS_Store files.
- Detection of SVN files, supporting the latest version of SVN.
IMPROVEMENTS
- Improved LFI "Long attack - boot.ini" attack.
- Added Internet Explorer 10, 11 and Microsoft Edge browser user agent values.
- Improved the performance of the scan session auto saves.
- Improved link importing to better handle relative URLs.
- Improved the "MIME Types" knowledge base list by ordering items alphabetically.
- Added "Extract static resources" option to JavaScript scan policy settings.
- Improved coverage of XML External Entity engine.
FIXES
- Fixed an attacking issue that occurs when retesting a vulnerability in an incremental scan.
- Fixed a link parsing issue in the text parser where links were incorrectly split.
- Fixed a form authentication "Override Target URL with authenticated page" issue which caused a wrong URL to be identified as the "Target URL".
- Fixed a highlighting issue where the URL for "Insecure Frame (External)" vulnerability is partially highlighted.
- Fixed an incorrect "Source Code Disclosure" vulnerability report when the response contained an ASP.NET event validation code sample.
- Fixed a broken link in XSS vulnerability templates.
Invicti Enterprise Update - 11th April 2016
New Features
New Security Checks
- Added Missing X-XSS-Protection Header vulnerability check.
- Added Video.js JavaScript library detection.
- Added Insecure Transportation Security Protocol Supported (TLS 1.0) vulnerability check.
Improvements
- Added the Smart DFS feature to the DOM Parser, which uses a similarity heuristic technology for DOM elements to avoid multiple scanning of the same or similar parameters.
- Improved "Not Found Analyzer" to better handle binary responses and long strings.
- Added a link to the proof URL for XSS vulnerabilities.
- Added link generation to Text Parser for all select element options.
- Improved DOM parser to skip redirect responses.
- Improved the DOM parser to use the input value for auto-suggest simulation when input is not in a form.
- Added support for modifying asynchronous JavaScript executions in order to increase DOM Parser coverage.
- Improved relative link parsing on JavaScript files.
- Improved the coverage of file upload security checks.
- Improved the coverage of XSS security checks.
- Improved UI of the scan policy optimized wizard.
- API authentication method updated for backward compatibility.
Bug Fixes
- Fixed an issue where LFI attack patterns were being reported as internal path disclosure.
- Fixed the incorrect raw response representing SSL connections.
- Fixed an issue where forms containing ignored parameters were not reported as a CSRF vulnerability.
- Fixed a case where dynamically generated HTML option elements' change events were not being triggered.
- Fixed cross-domain document access errors on DOM parser and XSS scanner.
- Fixed an issue where a JSON request's method was incorrectly recognized as POST rather than GET.
- Fixed a retest issue where a vulnerability fix is reported by mistake.
- Fixed form values target setting to use Name as the default value when a Target is not selected.
- Fixed a file extension parsing issue related to the File Extension List knowledgebase item.
- Fixed a hang issue that occurs while performing JavaScript library security checks.
- Fixed a custom form authentication API issue where "ns" namespace was conflicting with a global variable on target website - auth API has been moved to "netsparker" namespace preserving the "ns" backward compatibility.
- Fixed a DOM Parser and XSS scanner bug that incorrectly followed redirects.
- Fixed a form values issue - empty form values should not set any default values for parameters.
- Fixed an issue during which the setting of the Connection request header failed.
Netsparker Enterprise Update - 17th March 2016
Improvements
- Increased severity of the Insecure Transportation Security Protocol Supported (SSLv2) vulnerability to Important
- Added support for adding several more request HTTP headers including the "Host" header
Invicti Enterprise Update - 11th March 2016
New Features
- Scan profiles can now be shared with all team members
- Scan profiles can be assigned as a primary scan profile for a website so whenever a new scan is being configured for a website, the default scan profile will be the primary one
New Web Security Checks
- Added security check for the new DROWN SSL/TLS vulnerability
- Added "HSTS (HTTP Strict Transport Security) Not Enabled" security checks
- Added various checks being reported with "HTTP Strict Transport Security (HSTS) Errors and Warnings"
- Added version checks for OpenCart web application
Improvements
- Improved JavaScript/DOM simulation for better DOM XSS security checks
- Added "Form Values" support for JavaScript/DOM simulation and DOM XSS attacks
- Authentication settings moved from website to scan launch screen to be included in scan profile
- Scan scheduling operations separated from scan launch screen
- Changed the "Configure a new scan" page to a more ergonomic interface
- Users with admin permission can no longer see team member's API token
- Added endpoint type field to activity logs. (API or Web UI)
- Added a new scan policy setting section for JavaScript related settings
- Rewritten HSTS security checks
- Added evidence information to vulnerabilities list XML report
- Improved out-of-date reports for applications/libraries that have multiple active stable branches (i.e. jQuery 1.x and 2.x)
- Added the file name information for the local file inclusion evidence
- Added source code to vulnerability details for "Source Code Disclosure" vulnerabilities
- Improved Heuristic URL Rewrite implementation to detect more patterns and increase crawling efficiency
- Improved the performance of DOM simulation by aggressively caching external requests
- Improved the performance of DOM simulation by caching web page responses
- Improved the performance of DOM simulation by blocking requests to known ad networks
- Improved minlength and maxlength support for form inputs that sets a value with an appropriate length
- Added support for matching inputs by label and placeholder texts on form values
- Improved the vulnerability description on out-of-date cases where identified version is the latest version
- Added database version, name and user proof for SQL injection vulnerabilities
- Optimized the attacks with multiple parameters to reduce the number of attacks
- Added "Identified Source Code" section for "Source Code Disclosure" vulnerabilities
Bug Fixes
- Fixed an issue where reading cookies failed on form authentication verification in cases where the Set-Cookie response header is empty
- Fixed an issue with client certificate authentication where the client certificate may be sent to external hosts while making HTTP requests
- Fixed cases where Invicti was making requests to addresses that are generated by its own attacks
- Fixed an issue where the elapsed time stops when the current scan is exported
- Fixed an issue with JavaScript library version detection where wrong version is reported if the path to JavaScript file contains digits
- Fixed missing AJAX requests on knowledge base while doing manual crawling
- Fixed the HSTS engine where an http:// request may cause the current session cookie to be lost
- Fixed an issue where extracted links by TextParser in a JavaScript file should be relative to the main document
- Fixed an issue where delegated events were not simulated if added to the DOM after load time
- Fixed the issue where hidden resource requests made by Invicti are displayed on out of scope knowledgebase
- Fixed the issue with automatic SSL protocol fallback which attempts the fallback even if the current security protocol is the same as the fallback value
- Fixed an issue where "Strict-Transport-Security" was being reported as "Interesting Header"
- Fixed the broken HIPAA classification link
Invicti Enterprise Update - 29th January 2016
New Features
- Added "Fixed Vulnerabilities" chart to website and global dashboard
- Added vulnerability list to website dashboard
Improvements
- Improved support for Single Page Applications (SPA) and dynamic web applications by rewriting the DOM parser
- Improved DOM Parser and DOM XSS performance
- Added trend report support for all scan groups
- Improved cookie validation on the new scan page
- Removed web application fingerprint step from the Scan Policy Optimizer wizard
- Added tooltips for URL rewrite settings on the new scan page
- Added automatic exploitation for Boolean and Blind SQL Injection vulnerabilities
- Added proof of concept for the blind SQLi vulnerabilities
- Added "Proofs" knowledge base nodes
- Improved "Remember Me" functionality on the login page
- Removed out of scope links from URL rewrite report
- Added HTTP response status code 308 to list of redirect status codes
- Added Crawling and Scan Performance knowledge base nodes
- Eliminated web application fingerprinter's meta tag requests by re-using crawled link response
- Improved performance of the email disclosure detection pattern significantly
- Added .svg to default set of ignored extensions on the policy settings
Bug Fixes
- Fixed documentation of conditionally required fields in API
- Fixed editing issues on collective editor of vulnerability tasks
- Disabled website verification for on-premises installations
- Fixed a bug which could occur while taking a screenshot during the scan
- Fixed a bug that occurs when a proof of concept is empty
- Fixed a FileNotFoundException that occurs while caching DOM requests
- Fixed the explanation text for Entered Path and Below scope
- Fixed the SSL/TLS fall back code to cover more HTTPS web sites
- Fixed an out of date JavaScript library version issue where identified version was bigger than Invicti’s latest version
- Fixed the slow performance issue which occurs when "Automatically Detect Settings" proxy setting is enabled
- Fixed an out of date JavaScript library version issue where version value cannot be captured
- Fixed a not found detection issue where redirect analysis fails on redirect cases
Netsparker Enterprise Update - 15th January 2016
FIXES
- Fixed a bug where vulnerability evidence was not persisted as expected
Invicti Enterprise Update - 7th January 2016
FEATURES
NEW SECURITY CHECKS
- Added Windows Short File Name security checks
- Added several new backup file checks
- Added web.config pattern for LFI checks
- Added boot.ini pattern for LFI checks
- Added a signature which checks against a passive backdoor affecting vBulletin 4.x and 5.x versions
- Added a signature which checks against an error message generated by regexp function at MySQL database
- Added DAws web backdoor check
- Added MOF Web Shell backdoor check
- Added RoR database configuration file detection
- Added RoR version disclosure detection
- Added RoR out-of-date version detection
- Added RoR Stack Trace Disclosure
- Added RubyGems version disclosure detection
- Added RubyGems out-of-date version detection
- Added Ruby out-of-date version detection
- Added Python out-of-date version detection
- Added Perl out-of-date version detection
- Added RoR Development Mode Enabled detection
- Added Django version disclosure detection
- Added Django out-of-date version detection
- Added Django Development Mode Enabled detection
- Added PHPLiteAdmin detection
- Added phpMoAdmin detection
- Added DbNinja detection
- Added WeakNet Post-Exploitation PHP Execution Shell (WPES) detection
- Added Adminer detection
- Added Microsoft IIS Log File detection
- Added Laravel Configuration File detection
- Added Laravel Debug Mode Enabled detection
- Added Laravel Stack Trace Disclosure
- Added S/FTP Config File detection
IMPROVEMENTS
- Improved calculating algorithm of vulnerability fix times
- Manage team permission replaced with "Admin" permission
- Added support to see website dashboard without scan group filter
- Added scan type information to "Detailed Scan Report"
- Added paging support for scan policy list
- Improved new user email template
- Increased website verification failure limit
- Changed vulnerability chart's colors on the dashboard page
- Added icons for displaying vulnerability status on the vulnerability task page
- Knowledgebase items are expanded by default if they contain a single item
- Added retestable information to vulnerability detail on the scan report page
- Users are redirected to scan group create page if no scan group is found on new scan
- Added a warning message if target path does not end with a trailing slash on the new scan
- Added first seen date information to vulnerabilities page
- Several scan performance improvements to reduce memory usage
- Improved credit card detection to eliminate false positives
- HTTP cookie handling code written from scratch to conform with the latest RFCs which modern browsers also follow
- SSL cipher support check code has been rewritten to support more cipher suites
- SSL checks are now made for target URLs even when protocol is HTTP
- Updated embedded chrome based browser engine to version 41
- Added more ignored parameters for ASP.NET web applications
- Improved scan policy versioning where new security checks are automatically included or excluded by default on existing scan policies
- Improved LFI pattern that matches win.ini files
- Improved XSS coverage by adding an attack pattern for email inputs which require an @ character
- Improved cookie vulnerability details to show all cookies that are not marked as Secure or HttpOnly
- Improved out-of-date vulnerability templates by including severity information of vulnerabilities for that version of software
- Improved out-of-date vulnerability reporting by increasing the severity of the vulnerability if that version of software has an important vulnerability
- Improved Ruby version disclosure detection
- Improved SQL injection vulnerability template by adding remedy information for more development environments
- Improved common directory checks by adding more known directory names
- Updated default user agent
- Improved the default Anti-CSRF token name list
- Improved database error messages vulnerability detection for Informix
- Added new XSS attack pattern for title tag in which JavaScript execution is not possible
- Improved XHTML attacks to check against XSS vulnerabilities
- Optimized confirmation of Boolean SQLi
- Added exploitation for Remote Code Evaluation via ASP vulnerability
- Revamped DOM based XSS vulnerability detail with a table showing XPath column
- Changed SQLi attack patterns specific to MSSQL database with shorter ones
- Improved SQLi attack pattern which causes a vulnerability in LIMIT clauses specific to MySQL database
- DOM simulation is turned off for hidden input types which causes a false-positive confirmed XSS vulnerability
- Improved the "Name" form value pattern to match more inputs
- Improved confirmation of Expression Language Injection vulnerability
- Improved Frame Injection vulnerability details
- Added .phtml extension to detect code execution via file upload
- Improved blind SQL injection detection on some INNER JOIN cases
- Improved external references section of "Remote Code Evaluation (PHP)" vulnerability
- Added retest support for several vulnerability types
- Improved Apache Tomcat detection patterns
- Increased the number of sensitive comments reported
- Improved the text parser
- Added separate checks in scan policy for each supported web app fingerprint application
FIXES
- Fixed an issue where imported relative links were not set correctly
- Fixed an issue where scheduled scan names were duplicated
- Fixed URL rewrite analysis to respect case sensitivity settings
- Fixed a form authentication issue where image submit elements were not clicked
- Fixed an issue that occurs when the HTTP response body starts with a Unicode BOM
- Fixed Open Redirect security checks where it should not perform DOM based checks if DOM checks are turned off
- Fixed static resource finder where it was not following a redirect
- Fixed DOM simulation hangs if a rogue JavaScript call enters an endless loop
- Fixed slow XSS highlights on some responses
- Fixed a bug where Full-Url LFI attack which is specific to Ruby-on-Rails applications could not be confirmed
- Fixed a bug where XSS vulnerability could not be confirmed when injection occurs in the middle of a CSS style
- Fixed a bug where generated XSS exploit did not work due to incorrect encoding
- Fixed a bug where a false-positive file upload vulnerability was reported
- Fixed a bug where maximum amount of hard fails was preventing next scan making HTTP requests
- Fixed "Missing Content-Type" reporting issue where redirected responses should not be reported
- Fixed an issue where send failures were not being handled while making HTTP requests
- Fixed credit card reporting issue where the value specified in default form values section should not be reported
- Fixed the trimmed parameter name issue on controlled scan panel
- Fixed documentation for nginx vulnerability template that explains how to fix the issue
- Fixed HSTS support for form authentication HTTP requests
- Fixed a URI parsing issue where non-HTTP(S) protocols are ignored
- Fixed a bug where an attribute based attack could not be confirmed as XSS
- Fixed a bug where an injection with "javascript:" protocol for XSS attacks occurs after a new line
- Fixed a bug where exploitation goes into loop and causes an unresponsive UI for error based SQLi
- Fixed a bug where redirection happens relatively and reported as Open Redirect vulnerability
- Fixed an issue where a Groovy RCE is reported as Perl RCE
- Fixed a WSDL parsing issue where reference parameters were not handled correctly
- Fixed a WSDL parsing issue where XML types were not handled correctly
- Fixed an issue that occurs during form authentication with an HSTS site that performs redirects to a URL with the http protocol
- Fixed a bug where the hash is reported incorrectly in a DOM based XSS vulnerability
- Fixed the misleading content in basic authentication over clear text vulnerability
Netsparker Enterprise Update - 14th September 2015
FEATURES
- Mobile friendly UI with a lot of design improvements
- Added support for sending notification email for canceled scans
IMPROVEMENTS
- Improved resource finder checks for websites which have custom 404 pages
- Increased the default value of Maximum 404 Signature setting to store more signatures
- Improved timeout calculation for vulnerability checks which require late confirmation
- Replaced scan finish dates with scan URLs in global dashboard
- Permissions can be entered while inviting user
- Added icon for scheduled scan items
- Optimized instance launch times for AWS agents
- Improved API documentation for scan policy and website endpoints
- Improved website address validation rules
- Improved website selection on the new scan page
- Added tooltips to scan policy and new scan pages
- Added Enable Content Type Checks setting to scan policy scope section
- Improved validation for scan profile names
- Improved notification email templates
FIXES
- Scheduled scan's target URL's scheme could not be changed
- Fixed tooltip text for completed scans
- Fixed a bug where entered URL rewrite rule was overridden on focusing to regex input
- Fixed an issue where Ignore These Content Types setting was not set correctly
- Fixed an issue where scan policy names were duplicated
- Fixed an issue where form authentication settings were not initialized correctly for group scans
- Fixed DOM simulation issue where all delegated events on an element were not being called
- Fixed a Heartbleed security check issue where it was causing the crawling phase to be stalled
Invicti Enterprise Update - 14th July 2015
FEATURES
- Policy Settings Permission Change: In order to manage Policy Settings, "Start New Scan" permission is required now
- Added Two Factor Authentication Support - Account admins can enforce 2FA to team members
- Added weekly intervals support to trend report in the website dashboards
- Added support for displaying pending tasks on the website dashboard
- Mobile-friendly UI with a lot of design improvements
IMPROVEMENTS
- Added weekly interval support to dashboard trend
- Added pending vulnerability tasks to website dashboard
- "Your account" page split into four pages
- Team member disable support
- Improved scan data cleanup to remove raw scan files
- Improved email sending process to ensure emails are sent for correct actions
- Added status change logs for vulnerability tasks
- Added an email button to Team Invitation page
- Users can resend invitations with this button
- Improved error messages when email fails to send
FIXES
- Fixed Browser Compatibility Warning shown in Chrome on iPhone.
- Fixed an error which occurs while deleting a scan policy
- Fixed target URL link on scan report page
Netsparker Enterprise Release - 11th March 2015
First Official Release