Changelogs

Acunetix Standard & Premium

RSS Feed

v11.0. 170540920 - 23 Feb 2017

Copy Link Copy Link
Version 11 (build 11.0. 170540920) – 23rd February 2017

Updates

  • AcuMonitor registration setting is now remembered between license activations
  • Various updates to the WordPress and Joomla vulnerability checks
  • Acunetix now accepts .der, .p12 and .pfx file extensions for client certificates
  • Login Sequence Recorder (LSR) now better supports sites using ES6 features

Fixes

  • In certain situations, the auto-login details for a Target were not correctly stored, resulting the login credentials not being used during a scan
  • Fixed issue with parsing of addresses
  • Fixed issue causing auto-updating of the product to not be done for some licenses. Affected customers will be notified by email.

v11.0.170461052 - 15 Feb 2017

Copy Link Copy Link
Version 11 (build 11.0.170461052) - 15th February 2017

Updates

  • Creation of custom scanning profiles is possible from the Acunetix web UI.
  • Manual Intervention events can be configured as part of a Login Sequence for Captchas and two factor authentication
  • Retesting of vulnerabilities discovered by Acunetix
  • The ability to disable AcuMonitor at license activation
  • Comparison report for two scans of the same Target
  • Reports are now available in both PDF and HTML
  • The site structure is now shown in a hierarchical tree view
  • Excluded hours can be configured per Target, in which no scans will be performed by Acunetix
  • Added information on weak SSL key ciphers
  • The Acunetix license activation allows the user to opt out of AcuMonitor registration
  • Various updates to the WordPress and Joomla vulnerability checks

Fixes

  • Notifications for vulnerabilities discovered by AcuMonitor now include a link taking the user to the vulnerability identified
  • Various bug fixes in the UI
  • Changed scan status message when scanned target is not responsive
  • Fix in Relative Path Overwrite vulnerability check
  • Various updates and fixes related to AcuMonitor
  • Improved URL validation

v11.0.163541031 - 19 Dec 2016

Copy Link Copy Link
Version 11 (build 11.0.163541031) - 19th December 2016

New Features

  • Acunetix Enterprise users can now generate their API key to be used for the Acunetix API (contact sales@acunetix.com for more information on the API)
  • Selenium IDE files are now supported as Import files in Acunetix v11
  • The Acunetix Login Sequence Recorder can now edit login sequence files.

New Vulnerability Tests

Improvements

  • The Acunetix UI will show a message when the license is not activated.
  • The Login Sequence Recorder will make use of the proxy settings configured for the Target.
  • Better handling of cookies.

Bug Fixes

  • Fixed reports generated for targets that have not been scanned
  • Fixed allowance of empty Import Files to be uploaded for a Target
  • Some information returned by AcuSensor was not reflected in the vulnerability details
  • Fixed false positive in the ASP.NET debug mode check
  • Various minor updates and fixes

v11.0.163221044 - 17 Nov 2016

Copy Link Copy Link
Version 11 (build 11.0.163221044) - 17th November 2016

New Features

  • New web-based user interface
  • Targets are now stored in Acunetix with their individual settings, and can be easily re-scanned.
  • Targets can be classified by their Business Criticality
  • Reports are stored in the central interface
  • Users can choose between “Target reports”, “Scan reports” or “All vulnerabilities reports”
  • Role-based multi-user system, allowing users to be assigned the security scanning of specific targets.
  • All vulnerabilities for all the targets are now shown in one list which can be easily filtered.
  • Export vulnerabilities to F5 BIG-IP ASM and Fortinet FortiWeb Web Application Firewalls directly from within Acunetix
  • Acunetix now supports sending vulnerabilities to these Issue trackers: Github, JIRA and Microsoft Team Foundation Service (TFS)
  • Documentation is now inbuilt into the new interface
  • New Dashboard, providing an instant overview of the security status of your assets.

Improvements

v10.5.20160520 - 20 May 2016

Copy Link Copy Link
Update v10.5.20160520 - 20th May 2016

Bug Fixes

  • Fixed minor bugs reported

v10.5.20160504 - 05 May 2016

Copy Link Copy Link
Build v10.5.20160504 - 5th May 2016

Improvements

  • Updated the PCI DSS compliance report for PCI DSS 3.2
  • Updated the NIST Special Publication 800-53 – Recommended Security Controls for Federal Information Systems compliance report to comply with revision 4 of the publication

Bug Fixes

  • Fixed a bug that could result in remote code execution

v10.5.20160427 - 27 Apr 2016

Copy Link Copy Link
Build v10.5.20160427 - 27th April 2016

New Features

  • New version of .NET AcuSensor (requires removal of the sensors installed in the web applications – check this blog post for more info)
  • Implemented a test looking for JSP source code disclosure via SOH (start of header)
  • Added a script for parsing specific Java error messages to improve crawling coverage and discover new content.

Improvements

  • Improved backup config files discovery
  • Request cookies will now be automatically processed from proxy log requests and used during a scan
  • The Crawler now processes untrusted URLs even if they do not belong to the host being scanned.

Bug Fixes

  • Fixed a number of false positives in the SQL injection vulnerability checks
  • Limit AST parsing to files smaller than 1Mb
  • Fixed an SQL injection vulnerability in the reporter.
1 16 17 18 27