29 Jan 2016

29-Jan-2016

New Features

Improved support for Single Page Applications (SPA) and dynamic web applications by rewriting the DOM parser
Improved DOM Parser and DOM XSS performance
Added trend report support for all scan groups
Improved cookie validation on the new scan page
Removed web application fingerprint step from the Scan Policy Optimizer wizard
Added tooltips for URL rewrite settings on the new scan page
Added automatic exploitation for Boolean and Blind SQL Injection vulnerabilities
Added proof of concept for the blind SQLi vulnerabilities
Added "Proofs" knowledge base nodes
Improved "Remember Me" functionality on the login page
Removed out of scope links from URL rewrite report
Added HTTP response status code 308 to list of redirect status codes
Added Crawling and Scan Performance knowledge base nodes
Eliminated web application fingerprinter's meta tag requests by re-using crawled link response
Improved performance of the email disclosure detection pattern significantly
Added .svg to default set of ignored extensions on the policy settings

Fixed documentation of conditionally required fields in API
Fixed editing issues on collective editor of vulnerability tasks
Disabled website verification for on-premises installations
Fixed a bug which could occur while taking a screenshot during the scan
Fixed a bug that occurs when a proof of concept is empty
Fixed a FileNotFoundException occurs while caching DOM requests
Fixed the explanation text for Entered Path and Below scope
Fixed the SSL/TLS fall back code to cover more HTTPS web sites
Fixed an out of date JavaScript library version issue where identified version was bigger than Invicti’s latest version
Fixed the slow performance issue which occurs when "Automatically Detect Settings" proxy setting is enabled
Fixed an out of date JavaScript library version issue where version value cannot be captured
Fixed a not found detection issue where redirect analysis fails on redirect cases