Acunetix Premium - v7.0.20100901

New Features

  • New scanning engine - faster and reports more vulnerabilities
  • New vulnerability verifying techniques to reduce false positives
  • New site crawler - ability to crawl a wider range of websites and find more parameters
  • Scriptable Vulnerabilities - now vulnerability checks are written in JavaScript
  • Ability to analyse website presentation layer to better understand website parameters’ functions
  • Graphical Scan status interface presents you with more scan information
  • Re-scan single vulnerability to avoid launching repetitive scans to verify fixes
  • Support for HTTP Keep-alive
  • DNS Caching to reduce multiple DNS requests
  • Ability to control delay between requests
  • HTTP authentication settings node - support for granular specifications of HTTP credentials
  • Support for digest HTTP authentication mechanism
  • AcuSensor Technology test button to quickly verify installation of remote AcuSensor agent
  • Different variants of the same vulnerability are consolidated under one alert node
  • Ability to specify label or tag instead of actual website parameter name in Input Fields node
  • Option to automatically randomize input for parameters specific in Input Fields node

New security checks

  • Test for SQL Injection in URI
  • Stored SQL injection
  • Stored file inclusion
  • Stored directory traversal
  • Stored code execution
  • Stored file tampering
  • A whole new set of more advanced WebDav auditing checks
  • Automated form based authentication auditing checks (e.g. check if credentials can be brute forced)

Major Improvements

  • Consumes less bandwidth
  • Improved network traffic handling
  • HTTP authentication is now shared between all penetration testing tools
  • Improved HTTP Snifffer / Manual crawling process
  • Improved support for Web 2.0 requests and responses e.g. JSON, XML etc
  • Support for a wider variety of content-types
  • Improved Web 2.0 session management support
  • Imrpoved XSS (Cross-site scripting) security checks and detection rate
  • Added a number of new and improved existing web server security auditing techniques
  • Improved file upload security checks
  • Improved DNS auditing scripts