Acunetix Web Vulnerability Scanner version 9, build 20130904 contains various new features including the detection of BREACH and CRIME SSL / TLS vulnerabilities, the detection of vulnerabilities in OpenX and vBulletin, and various other improvements.
New Functionality
- Implemented the detection for BREACH vulnerabilities.
- Implemented the detection of Compression Ratio Info-leak Made Easy (CRIME) SSL/TLS exploits.
- Added detection for OpenX 2.8.10 backdoor.
- Added detection of vBulletin versions 4.1+ and 5+ customer number leak.
Improvements
- Improved DeepScan to provide better coverage.
- Improved SQL injection detection for HSQLDB databases.
- Improved XSS detection.
- Added ability to select/unselect all items in a folder when using the option “after crawling let me choose the files to scan”.
Bug Fixes
- Fixed custom 404 browser navigation bug
- Filenames encoded as UTF-8 are now properly displayed.
How to Upgrade
If you are running Acunetix WVS 8, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.
If you are running Acunetix WVS v9, you will be notified that a new build is available to download when you start Acunetix WVS. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
You can see the complete Acunetix WVS change log here.
Get the latest content on web security
in your inbox each week.
THE AUTHOR
Principal Program Manager
