Acunetix Standard & Premium

New Features

• New web-based user interface
• Targets are now stored in Acunetix with their individual settings, and can be easily re-scanned.
• Targets can be classified by their Business Criticality
• Reports are stored in the central interface
• Users can choose between “Target reports”, “Scan reports” or “All vulnerabilities reports”
• Role-based multi-user system, allowing users to be assigned the security scanning of specific targets.
• All vulnerabilities for all the targets are now shown in one list which can be easily filtered.
• Export vulnerabilities to F5 BIG-IP ASM and Fortinet FortiWeb Web Application Firewalls directly from within Acunetix
• Acunetix now supports sending vulnerabilities to these Issue trackers: Github, JIRA and Microsoft Team Foundation Service (TFS)
• Documentation is now inbuilt into the new interface
• New Dashboard, providing an instant overview of the security status of your assets.

Improvements

• The Acunetix tools are being released as a separate installation and can be downloaded from https://www.acunetix.com/vulnerability-scanner/free-manual-pen-testing-tools/
• Various updates and bug fixes

New Features

• New check for WordPress 4.5.2 Security Release

New Features

• New version of .NET AcuSensor (requires removal of the sensors installed in the web applications – check this blog post for more info)
• Implemented a test looking for JSP source code disclosure via SOH (start of header)
• Added a script for parsing specific Java error messages to improve crawling coverage and discover new content.

Improvements

• Improved backup config files discovery
• Request cookies will now be automatically processed from proxy log requests and used during a scan
• The Crawler now processes untrusted URLs even if they do not belong to the host being scanned.

Bug Fixes

• Fixed a number of false positives in the SQL injection vulnerability checks
• Limit AST parsing to files smaller than 1Mb
• Fixed an SQL injection vulnerability in the reporter.

New Features

• Implemented support for automatically scanning Drupal and Joomla! web applications using a proprietary database of vulnerabilities
• Implemented support for CVSS v3.0 for most vulnerabilities
• Added a test for HTTP Response Splitting in Node.js (CVE-2016-2216)
• Added a test for Magento Cacheleak vulnerability
• Added a test looking for ASP.NET diagnostic pages
• Implemented a test looking for XXE (XML External Entity injection) in SAML (Security Assertion Markup Language) payloads
• Added a test for vulnerabilities presented in the Perl Jam 2 presentation
• Added a test for Atlassian Jira 6.0.* <= 6.1.4 DOM-based XSS
• Added a test for AngularJS client-side template injection
• Added a test for Rails Dynamic Render to RCE (CVE-2016-0752)
• Added a test looking for LiteSpeed request header injection
• Added a test for Path Traversal in Oracle GlassFish Server Open Source Edition
• Parse Javascript files using an Abstract Syntax Tree Parser to extract various information useful for the crawler.

Improvements

• Improved Blind and Error-based SQL injection tests
• Improved XSS tests
• Big improvements to the XXE (XML External Entity) tests
• Improved static crawling by parsing of JavaScript event handler parameters.
• Improve Email header injection test based on the paper from http://www.mbsd.jp/Whitepaper/smtpi.pdf