16 Nov 2021

6.2

NEW FEATURES

Added the Bridge URL and Shark token support for Invicti Shark (IAST).
Added setting to configure Session Cookie Names.
Updated CWE classification category orders for Out-of-date templates.
Improved Cross-site Scripting attack pattern.
Added support for exploiting local storage and session storage in the DOM XSS security checks.
Added highlighting support for custom scripts.
Added Web Application Firewall to the site profile.
Changed the default ignored parameter comparison to case insensitive.
Added 'Is Encoded' option to OAuth2 parameters.
Added JWT Token pre-request script template.
Added the CSP Not Implemented that will be reported as confirmed.
Added the Subresource integrity not implemented that will be reported as confirmed.

Fixed the issue that Content-Type header missing was reported when there was no content in the response.
Fixed the issue FP JWT was reported in a not found response.
Fixed the issue possible and confirmed vulnerabilities reported in the same URL.
Marked weak TLS ciphers.
Fixed the issue proof that was generated even when the proof generation option was disabled in the scan policy.
Fixed FP WAF Identified.
Fixed the issue vulnerability count in root node is not updated when a vulnerability is removed and Blind XSS was prioritized over the Reflected Cross-site Scripting.
Fixed the issue source code disclosure is reported in binary responses.
Fixed the issue fingerprint checker crashes when an applications file could not be found.
Fixed the issue object-src missing was reported when default-src is provided in CSP security checks.
Fixed the issue that some cipher suites are not reported as weak.
Fixed the issue classification links were not rendered correctly when there are multiple values.
Fixed the issue proof prefix was added when there were no more characters to be found.