Changelogs

Acunetix Standard & Premium

v7.0.20100901 - 01 Sep 2010

Build v7.0.20100901 - 1st September 2010 - NEW VERSION

New Features

  • New scanning engine – faster and reports more vulnerabilities
  • New vulnerability verifying techniques to reduce false positives
  • New site crawler – ability to crawl a wider range of websites and find more parameters
  • Scriptable Vulnerabilities – now vulnerability checks are written in JavaScript
  • Ability to analyse website presentation layer to better understand website parameters’ functions
  • Graphical Scan status interface presents you with more scan information
  • Re-scan single vulnerability to avoid launching repetitive scans to verify fixes
  • Support for HTTP Keep-alive
  • DNS Caching to reduce multiple DNS requests
  • Ability to control delay between requests
  • HTTP authentication settings node – support for granular specifications of HTTP credentials
  • Support for digest HTTP authentication mechanism
  • AcuSensor Technology test button to quickly verify installation of remote AcuSensor agent
  • Different variants of the same vulnerability are consolidated under one alert node
  • Ability to specify label or tag instead of actual website parameter name in Input Fields node
  • Option to automatically randomize input for parameters specified in Input Fields node

New security checks

  • Test for SQL Injection in URI
  • Stored SQL injection
  • Stored file inclusion
  • Stored directory traversal
  • Stored code execution
  • Stored file tampering
  • A whole new set of more advanced WebDav auditing checks
  • Automated form based authentication auditing checks (e.g. check if credentials can be brute forced)

Major Improvements

  • Consumes less bandwidth
  • Improved network traffic handling
  • HTTP authentication is now shared between all penetration testing tools
  • Improved HTTP Sniffer / Manual crawling process
  • Improved support for Web 2.0 requests and responses e.g. JSON, XML etc
  • Support for a wider variety of content-types
  • Improved Web 2.0 session management support
  • Improved XSS (Cross-site scripting) security checks and detection rate
  • Added a number of new and improved existing web server security auditing techniques
  • Improved file upload security checks
  • Improved DNS auditing scripts

v6.5.20100616 - 16 Jun 2010

Build v6.5.20100616 - 16th June 2010

Change

  • All vulnerability checks that used http://.acunetix.com test websites now use http://.vulnweb.com

v6.5.20100601 - 19 Apr 2010

Build v6.5.20100601 - 19th April 2010

New Feature

  • Added OWASP top 10 2010 report template

Bug Fix

  • Fixed: Proxy crashes when processing some specific SSL traffic

v6.5.20100419 - 19 Apr 2010

Build v6.5.20100419 - 19th April 2010

Bug Fix

  • Fixed: Access violation when the application exits

v6.5.20100407 - 07 Apr 2010

Build v6.5.20100407 - 7th April 2010

Bug Fixes

  • Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence
  • Fixed: Login Sequence Recorder was not using the configured User Agent string
  • Fixed: HTTP Sniffer was not handling some specific web authentication properly

v6.5.20100303 - 03 Mar 2010

Build v6.5.20100303 - 3rd March 2010

New feature

  • Added a new option to export results to HTTP Fuzzer

New Security Checks

  • Test for XML External Entity Injection
  • Test for XML Injection

Improvements

  • Improved directory traversal vulnerability check
  • Improved Cross-site Scripting (XSS) vulnerability checks

Bug Fixes

  • Fixed: access violation when the application exits
  • Fixed: access violation when protocol was terminated in NotifyCaller function in LSR
  • Fixed: AbortVulnXML OnFirstAlert was not imported from settings
  • Fixed: Form values were not encoded correctly when submitted from JavaScript (CSA engine)

v6.5.20100210 - 10 Feb 2010

Build v6.5.20100210 - 10th February 2010

New security check

  • Test for Cross Site Scripting in the Referrer header

Improvement

  • Acunetix Firefox extension now supports latest Firefox release

Bug Fixes

  • Crawler: HTML-decode form inputs before use
  • Fixed an infinite recursion when crawler reported an external link from the same host but on a different port
  • Fixed a crawler issue with parsing the robots.txt file
  • Web Services scanner: Fixed parsing of WSDL files with attributes

v6.5.20100203 - 03 Feb 2010

Build v6.5.20100203 - 3rd February 2010

New security checks

  • 8.3 DOS filename source code disclosure
  • Apache Tomcat Directory Host Appbase authentication bypass vulnerability
  • Apache Tomcat WAR File directory traversal vulnerability
  • Apache stronghold-info enabled
  • Apache stronghold-status enabled
  • ColdFusion 9 Solr Service exposed
  • Error page path disclosure
  • Error page web server version disclosure
  • File inclusion RFI list
  • Checks for multiple vulnerabilities in XAMPP
  • Server-Side Includes (SSI) injection on Unix
  • Server-Side Includes (SSI) injection on Windows
  • ASP.NET error messages when requesting URL like |.aspx

Improvements

  • Added more variants to FCKeditor arbitrary file upload
  • Updated cross site scripting in path security checks
  • Updated directory listing security checks
  • Updated directory traversal on Unix security checks
  • Updated file upload security checks
  • Updated LDAP injection security checks
  • Updated possible sensitive files security checks
  • Updated XPath injection security checks

Bug Fixes

  • Workaround for window.open used with NULL parameter
  • Notify elements that they are unbidden
  • Notify form if an input was removed
  • Include select element values in submitted data
  • Fixed: HttpProt was sending content length with CONNECT
  • Fixed: Crawler didn’t consider post data for links from CSA engine; some were ignored
  • Fixed: Login sequence recorder was sending requests synchronously

v6.5.20100111 - 11 Jan 2010

Build v6.5.20100111 - 11th January 2010

New security checks

  • Test for File Upload IIS bug filename.asp;.jpg
  • Test for WP-Forum 2.3 vulnerabilities
  • JBoss rmi ping (network script)

Bug Fixes

  • Bugfix: Modified forms notifications from CSA
  • Bugfix: CSA: Workaround for window.open with null parameters
  • Fixed: In some specific scenarios the scheduler queue was restarting on its own
  • Fixed: Node was not expanding automatically when manually adding a new logout link in the LSR
