The new Acunetix Web Vulnerability Scanner 8 build includes a new crawler feature to automatically ignore duplicate input schemes in the same directory. With this new crawler feature, scans will take less time to complete and less traffic is generated during a scan. The new build also includes a number of new security checks, improvement of already existing checks, such as the Cross-site scripting security check and a number of bug fixes.

New Features

New Web Security Checks:

  • SQL Injection tests for OpenX web application
  • Cross-site scripting checks for IBM Lotus Domino Web Server
  • Search for MySQL connection details when scanning a website
  • Detection of phpMyAdmin v3.5.2.2 backdoor

Improvements:

  • Further enhanced the XSS security check
  • Improved Remote file inclusion security check
  • Local file inclusion tests have been improved to better handle Java based applications
  • When importing scan results to reporting database using the console, the database scan ID will be reported

Bug Fixes:

Fixed a crash when trying to stop the crawler and the CSA engine was still working
User specified client certificates are now being used by the Login Sequence Recorder
The exit button from LSR was not fully visible in some situations
Login Sequence Recorder now uses the configured scan settings templates
Manual browser now uses the correct user specified User-Agent string

How to Upgrade to Build 20121003

On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

View the complete Acunetix WVS change log here.

To keep up to date with the latest website security news, ‘Like’ the Acunetix Facebook Page, follow us on Twitter and read the Acunetix Blog.

SHARE THIS POST
THE AUTHOR
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.