Acunetix Web Vulnerability Scanner version 9, build 20131009 includes checks for HTML Injection, and adds the detection of weak passwords in Joomla! and Django’s Administrative interfaces. In addition, the new build includes the detection of readme documentation files, together with various other updates and fixes.
New Functionality
- Added a test looking for ReadMe documentation files. The information contained in these files could help an attacker identify the web application being used and sometimes the version of the application. It’s recommended to remove these files from production systems
- Added a test for HTML injection vulnerabilities
- Added a test for weak passwords in Joomla! Administrative interface
- Added a test for weak passwords in the Django Administrative interface
- Added a test for WordPress PHP Object Injection affecting versions lower than 3.6.1
Improvements
- Various updates in DeepScan resulting in improved site coverage
- Update in the way that the HTTP Editor detects the host header from the URL
- Acunetix now displays a warning if the user closes the application during a scan
- The Port scanner timeout connection can be configured in milliseconds, allowing for further fine-tuning of the timeout
Bug Fixes
- Fixed a crash in the user interface when certain components where updated from different threads
- Base64 tool has been updated to ignore CRLF
- Fixed issue causing the CSRF checks to never finish in some cases
- Fixed issue causing the Reporter to invalidate the default report in some cases when the settings were changed
- Fixed issue causing the default report button was not working in welcome screen
- Fixed crawler stall when maximum number of pages reached
- Fixed various memory leaks in crawler
- Various updates to the Scanning Profiles
How to Upgrade
If you are running Acunetix WVS 8, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.
If you are running Acunetix WVS v9, you will be notified that a new build is available to download when you start Acunetix WVS. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
You can see the complete Acunetix WVS change log here.
Get the latest content on web security
in your inbox each week.