Netsparker Now Invicti
Invicti Professional Edition Full Activated
Basic security tests should include testing for:
- SQL Injection
- XSS (Cross-site Scripting)
- DOM XSS
- Command Injection
- Blind Command Injection
- Local File Inclusions & Arbitrary File Reading
- Remote File Inclusions
- Remote Code Injection / Evaluation
- CRLF / HTTP Header Injection / Response Splitting
- Open Redirection
- Frame Injection
- Database User with Admin Privileges
- Vulnerability – Database (Inferred vulnerabilities)
- ViewState not Signed
- ViewState not Encrypted
- Web Backdoors
- TRACE / TRACK Method Support Enabled
- Disabled XSS Protection
- ASP.NET Debugging Enabled
- ASP.NET Trace Enabled
- Accessible Backup Files
- Accessible Apache Server-Status and Apache Server-Info pages
- Accessible Hidden Resources
- Vulnerable Crossdomain.xml File
- Vulnerable Robots.txt File
- Vulnerable Google Sitemap
- Application Source Code Disclosure
- Silverlight Client Access Policy File Vulnerable
- CVS, GIT, and SVN Information and Source Code Disclosure
- PHPInfo() Pages Accessible and PHPInfo() Disclosure in other Pages
- Sensitive Files Accessible
- Redirect Response BODY Is Too Large
- Redirect Response BODY Has Two Responses
- Insecure Authentication Scheme Used Over HTTP
- Password Transmitted over HTTP
- Password Form Served over HTTP
- Authentication Obtained by Brute Forcing
- Basic Authentication Obtained over HTTP
- Weak Credentials
- E-mail Address Disclosure
- Internal IP Disclosure
- Directory Listing
- Version Disclosure
- Internal Path Disclosure
- Access Denied Resources
- MS Office Information Disclosure
- AutoComplete Enabled
- MySQL Username Disclosure
- Default Page Security
- Cookies not marked as Secure
- Cookies not marked as HTTPOnly
- Stack Trace Disclosure
- Programming Error Message Disclosure
- Database Error Message Disclosure
Invicti Professional Change Log
Version 6.4.0.35166 - 8th March 2022
NEW FEATURES
IMPROVEMENTS
- Netsparker Standard is now Invicti Standard.
- Added a token matching rule when it is required to get the token from a website other than the target URL.
- Improved the GraphQL attacks to include non-string fields.
NEW SECURITY CHECKS
FIXES
- Fixed a consistency issue between the Software Composition Analysis and the Knowledge Base on reported vulnerabilities.
- Fixed a bug that prevented the Knowledge Base View from being shown properly when a user disables the knowledge base from a scan policy.
- Fixed a null reference exception by adding a check for whether the current scan policy is empty.
- Fixed a bug where the agent did not continue the scan after a pause.
- Fixed a bug where not all components detected by a software composition analysis were shown properly after a retest.
Software License : Professional Edition
Version : 6.4.0.35166
Price : $ 29,995 - 1 Year
Discount : 100% OFF
Source: Invicti Professional Full