Acunetix WVS v.10 (build 20150921) has been released. This new build checks for Cross Site Scripting in mobile-touch event handlers and for various vulnerabilities in products such as Composer, Zend Framework, AjaxControlToolkit and others. Below is a full list of updates.

New Features

Improvements

  • Updated database of WordPress core and plugin vulnerabilities.
  • Added more checks for vulnerable JavaScript libraries.
  • Improved WADL parsing to support more representation types.

Bug Fixes

  • Fixed some false positives in JavaScript libraries audit.
  • Fixed a false positive in File Inclusion script.
  • Fixed an issue causing JSON and XML inputs not being checked for XSS.
  • Fixed SSL audit bug that is triggered when server_name extension was not sent to the server during SSL negotiation.

How to Upgrade

If you are running Acunetix Web Vulnerability Scanner v10, you will be notified that a new build is available to download when you start the application. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

If you are running Acunetix WVS v8 or v9, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.

You can see the complete Acunetix WVS change log here.

SHARE THIS POST
THE AUTHOR
Nicholas Sciberras
Principal Program Manager
As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.