A new Acunetix Premium update has been released for Windows and Linux: 15.4
This Acunetix release improves the default roles. Acunetix offers role-based access control (RBAC) to efficiently manage user access. Thanks to RBAC, you can limit or authorize user access to Acunetix based on the user’s specific role.
- This release brings improvements to user roles. The 15.4 release standardizes the roles in line with industry standards, thereby reducing confusion around role responsibilities.
- The release also introduces new roles, updates existing role names, and expands role permissions to enhance the user experience.
For further information about the roles, see Overview of users and roles in Acunetix.
New features
- Improved the default roles.
New security checks
- Updated the WordPress plugin vulnerabilities.
- Updated the software composition analysis database.
- New security check for detecting ASP.NET Core running in development mode.
- Added various checks for Content Security Policy misconfiguration.
- New security check for Oracle Web Applications Desktop Integrator unauthenticated takeover (CVE-2022-21587).
- New security check for Deserialization RCE vulnerability in Oracle Access Manager OpenSSO Agent (CVE-2021-35587).
- Updated the file extensions and parameter exclusions.
- New security check for F5 BIG-IP Cookie Remote Information Disclosure.
- New security check detecting the use of retired hash functions in SAML.
- Improved the SQL injection check to identify whether the database user has admin privileges.
Improvements
- Added heuristic server-side routing detection to optimize attacks.
- Updated the embedded Chromium browser to v109.0.5414.119.
- Added a company name field to the Acunetix registration process.
- Updated the issue tracker integrations to show the link to the relevant ticket created in those issue trackers.
- Updated the DISA STIG report to version 5.2.
- Improved the CSV import link to cap the number of targets at 500.
- Improved the scanner engine to reduce the memory footprint.
- Improved the .NET IAST sensor to mask any password.
Fixes
- Fixed the pagination bug on the Targets page.
- Fixed a crawler issue where a page became unresponsive when it contained many elements.
- Fixed the single-page application crawler to submit forms consistently.
- Fixed a notification bug that failed to redirect users to the correct URL for the finished scan.
- Fixed a bug where the user interface did not refresh after the update.
Upgrade to the latest build
If you are already using Acunetix build 15.x, you can initiate the automatic upgrade from the new build notification on the About page.
If you are using Acunetix build 14.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.