New Security Checks
- Added a number of new HTML 5 Cross-site scripting security checks
- Responses with Content-Type text/xml are now checked for XSS vulnerabilities
- Uses Windows 8.3 short filename techniques to check for information disclosure
- Checks for Microsoft IIS Tilde directory enumeration problems
- A number of new security checks for Webadmin
- Checking for MySQL, Ruby on Rails and phpMyAdmin SQL dump files on web applications
- File disclosure via XXE Injection tests for Zend Framework
- Information disclosure checks in environment variables
Improvements
- Improved Directory Traversal security checks
- Fewer false positives reported by the HTML Forms security checks
Bug Fixes
- Custom cookie paths are now set correctly to the start URL
- Login Sequence Recorder now executes JavaScript even if there are JS errors
- Newly discovered input parameter variations are added to the list of input variations rather than being ignored