Home
/
Documentation
/
18-Mar-2015
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
18 Mar 2015

18-Mar-2015

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Added attack patterns for LFI vulnerability which is revealed with only backslashes in file path
  • Added Programming Error Message vulnerability detection for SOAP faults
  • Added AutoComplete vulnerability for password inputs
  • NuSOAP version disclosure
  • NuSOAP version check

NEW FEATURES

  • SOAP Web Services scanning - ability to scan SOAP web services for security issues and vulnerabilities
  • Request and Response viewers to view HTTP requests/responses like XML and JSON tree views
  • New knowledge base node that will include all AJAX/XML HTTP Requests
  • New value matching options for form values other than regex pattern (exact, contains, starts, ends)
  • New report template for parsing source information Crawled URLs List (CSV)

IMPROVEMENTS

  • Improved XSS vulnerability confirmation
  • Improved Generic Source Code Disclosure security check by excluding JavaScript and CSS resources
  • Added latest version custom field for the version vulnerabilities
  • Added standard context menus to text editors
  • Sitemap tree will display nodes of JSON, XML and SOAP requests and responses with no parameters
  • Added force option to form value settings to enforce user specified values
  • Optimized attack patterns for JSON and XML attacks by reducing attack requests
  • Optimized Common Directories list and removed the limit for Extensive Security Checks policy
  • Improved the license dialog to show whether a license is missing or expired

FIXES

  • Fixed update dialog to not show in autopilot mode
  • Fixed an interim auto update crash
  • Fixed typo in Out of Scope Links knowledge base report template
  • Fixed an issue in LFI exploiter where XML tags with namespace prefixes was preventing exploitation
  • Fixed Controlled Scan button disabled issue for some sitemap nodes
  • Fixed parameter anchors in Vulnerability Summary table of Detailed Scan Report template
  • Fixed form authentication wizard to use user agent set on currently selected policy
  • Fixed zero response time issue for some sitemap nodes
  • Fixed dashboard progress bar showing 100%
  • Fixed random crashes on license dialog while loading license file or closing dialog
  • Fixed Microsoft Anti-XSS Library links on vulnerability references