Acunetix 360 On-Demand

This update includes changes to the internal agents. The internal scan agent’s current version is 2.0.2.147. The internal authentication verifier agent’s current version is 2.0.2.147.

NEW FEATURES

• [Early Access] Added the Business Logic Recorder feature in Acunetix 360.
• [Early Access] Added support for Azure Key Vault.

IMPROVEMENTS

• [Early Access] Enhanced the Discovery Service to detect more relevant web applications.
• Improved the Late-Confirmation Storage Mechanism to lower disc usage.
• Improved the rate limit for the All Issues API endpoint.
• Added an API endpoint to better understand how many websites each user scanned.
• Added raw scan file expired status to the Scan Failure Reasons.
• Added the IsEnabled API endpoint for the OAuth2 setting.
• Updated the icons on the Trend Matrix page.
• Added logs to scheduled scans to identify the license issue when the scan couldn’t be launched.
• Improved the internal agent to check whether OAuth2 is enabled or not.
• Improved the Activity Log to include information on vulnerability profile changes.
• Improved the Scan Profiles API endpoint to include information on the imported URLs.

FIXES

• Fixed a bug that was caused by special characters that affected the Out of Scope node.
• Fixed a bug that caused the OAuth2 settings to disappear after being saved in a scan profile following enabling and disabling operations.
• Fixed a bug that caused the browse section to continue appearing on the Links/API definition page after the import process is canceled.
• Fixed a bug that throws errors on the summary page for technologies links.
• Fixed the issue that IP Address Restriction is not working on API access.
• Fixed an issue that shows the same vulnerabilities more than once in the scan summary reports.
• Fixed a bug that shows the soft-deleted scan policies when their URL is entered.
• Fixed a bug while excluding cookies during the scan.
• Fixed a bug that prevents scanning and verifier agents from being updated.
• Fixed a bug that prevents notifications from appearing on the user interface when data size is exceeded.
• Fixed imported links DLL mismatch problem for Postman and GraphQL.
• Fixed a bug that shows an empty list of possible GraphQL endpoints in the Security Checks list.
• Fixed a bug that throws 500 Internal Server Error returns upon the “GET issues/addressedissues” API call.
• Fixed a bug that throws 500 Internal Server Error returns upon the “GET /issues/todo” API call.

REMOVAL

• Removed the Ignore these extensions field from the scan policies page.

This update includes changes to the internal agents. The internal scan agent’s current version is 2.0.2.145. The internal authentication verifier agent’s current version is 2.0.2.145.

IMPROVEMENT

• Improved the scan agent to continue scanning in case of getting HTTP status errors like Forbidden, Unauthorized, and ProxyAuthenticationRequired for websites supporting TLS 1.3.

This update includes changes to the internal agents. The internal scan agent’s current version is 2.0.2.144. The internal authentication verifier agent’s current version is 2.0.2.144.

FIXES

• Fixed the bug that prevents the Netsparker Helper Service from working properly on cloud agents.

NEW FEATURES

• Added the feature to tag discovered websites.

IMPROVEMENTS

• Updated embedded chromium browser
• Added integration failed status for the Secrets and Encryption Management services.
• [Internal scan agent] Updated the scan agent update workflow. When there is a new update and users have more than one scan agent, the new version will be downloaded only once. Other scan agents will rely on this new package to update themselves.
• Added a drop-down to determine how many results are to be displayed on a page. The options are 20/50/100/200.
• Added a new explanation for the api/1.0/scans/unschedule endpoint to clear any ambiguity
• Added a filter that checks the number of issues being displayed on the global dashboard.
• Updated the scan profile to include the verified form authentication.
• Improved the IP filtering on the discovered websites’ page.

FIXES

• Fixed a bug that caused a broken website-scan relationship as a result of the inconsistent update.
• Fixed the inconsistent vulnerabilities listed in XML and CVS reports.
• Added the OnlySsoLogin parameter for SCIM so that users can determine if they want members to log in with SSO or not.
• Fixed the bug that caused the issues’ status to stay the same in the case of bulk editing.
• Fixed the SCIM API schema that showed incorrect responses for the group.
• Fixed a bug on the user interface that showed incorrect scan status.
• Fixed an issue with global servers in imported Swagger files.
• Fixed a bug that add duplicated users to a team when added using SCIM.
• Fixed the Azure board integration webhook issue caused by the status codes.

REMOVED

• Removed the agent platform selection option for the internal agents from the user interface.

This update includes changes to internal scan and authentication verifier agents. The internal scan agent’s current version is 2.0.2.139. The internal authentication verifier agent’s current version is 2.0.2.139.

IMPROVEMENT

• Added support for on-premises versions of CyberArk and HashiCorp Vault.
• Updated the Splunk plug-in to prevent exporting unnecessary HTML information to the Splunk ticket.
• Added ‘Is Encoded’ option to OAuth2 parameters.
• Adding the Connection Timeout option to the scan policy.
• Improved the Knowledge Base tab in the technical report section for the accessibility.
• Added the Browser Settings to scan policy.
• [Internal scan agent] Added report policy migration process while relaunching scan session to prevent launch scan issue.

FIXES

• Fixed a bug with displaying cookie names in scan policy.
• Fixed a Globally Unique Identifier bug that assigned zero to a custom vulnerability when identified.
• Fixed a bug that prevents from editing an internal website.