Documentation
Security Checks
-
Security Checks
- Security Checks
- WAF Identifier
- GraphQL Library Detection
- Identifying MongoDB injection vulnerabilities
- BREACH Attack
- Forced Browsing
- Login Page Identifier
- Malware Analyzer
- Custom Scripts for Security Checks in Invicti Enterprise
- Custom Scripts for Security Checks in Invicti Standard
- Custom Security Checks via Scripting
- Identifying sensitive data
-
How Invicti reports vulnerabilities
- Apache Struts RCE
- Code Evaluation
- Command Injection (CI)
- Cross Site Scripting (XSS)
- File Inclusion
- Header Injection
- NoSQL Injection
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Static Resources
- XML External Entity (XXE)
- Arbitrary Files (IAST)
- BREACH Attack
- Configuration Analyzer (IAST)
- Content Security Policy
- Content-Type Sniffing
- Cookie
- Cross Frame Options Security
- Cross-Origin Resource Sharing (CORS)
- Cross-Site Request Forgery
- Drupal Remote Code Execution
- Expression Language Injection
- File Upload
- GraphQL Library Detection
- Header Analyzer
- Heartbleed
- HSTS
- HTML Content
- HTTP Methods
- HTTP Status
- HTTP.sys (CVE-2015-1635)
- IFrame Security
- Insecure JSONP Endpoint
- Insecure Reflected Content
- JavaScript Libraries
- JSON Web Token
- Login Page Identifier
- Malware Analyzer
- Mixed Content
- Open Redirection
- Oracle WebLogic Remote Code Execution
- Referrer Policy
- Reflected File Download
- Signatures
- Software Composition Analysis (SCA)
- SSL
- Unicode Transformation (Best-Fit Mapping)
- WAF Identifier
- Web App Fingerprint
- Web Cache Deception
- WebDAV
- Windows Short Filename