Acunetix Standard & Premium

• Huge improvement in memory handling – Memory handling is now done in a much more efficient way and temporary data is now stored by default onto the hard drive freeing up a LOT of system memory especially when dealing with large websites.
• Introduced pre-conditions to various vulnerability tests – this will check if vulns can actually exist in a certain environment before starting to test for then – thus avoiding checking for vulnerabilities in vain and at the same time speeding up the scanning time.
• Summary view for alert nodes – avoids long delays in displaying all alerts under a node
• Added “Current Test” information to the scan information view
• Improvements in HTTP Fuzzer
• Fixed JavaScript issue with parsing certain websites
• Fixed validation when saving login sequence file
• Fixed crash with error “sitefile parts already loaded”
• Fixed Web Services Scan Wizard detection of Inputs for particular WSDL URLs
• Fixed Web Services Scaner crash when clicking on some elements of the tree structure

New Tools / Applications

• Subdomain Scanner
• Web Services Scanner
• Web Services Editor
• Reporter Application

General Improvements

• Microsoft WindowsVista Support
• Visual Interface Improvements with new graphics and buttons
• Source View in various parts of the product
• Password protection for all Acunetix Tools and applications
• Upgrading from Previous Versions/Builds keeps all Settings and Configurations

Reporting Improvements

• New Reporter Application
• Detailed Scans View from the Database
• Standard Report Templates: Developer, Executive, Vulnerability
• Scan Comparison Templates
• Statistical Templates: Yearly, Monthly, etc..
• Compliance Reports Templates: PCI, Sarbanes-Oxley, HIPAA, etc..

Crawler Improvements

• Manual Choice of Files from the Site Structure
• Directory Recursion (loop) Detection
• URL Rewrite Detection and Warning to User
• Improved Filtering (replacing the old search functionality)

Scanner Improvements

• New Scanning Mode Option: Quick, Heuristic and Full
• Multi-Step Scanning
• Stored XSS Tests
• Header Manipulation
• Improved Blind SQL Injection Tests
• Improved Mod_Rewrite Support
• Improved Filtering (replacing the old search functionality)
• Grouping of Test Variants
• Sitemaps Support
• Added New Vulnerability Tests

Scheduler Improvements

• Support for Web Services Scheduled Scans
• New options for Source and Output of Scans
• Mail Notifications

Command Line Improvements

• New options added to support more functions like the full application
• Web Services Scans
• Mail Notifications

Database Improvements

• Significantly Reduced DB Size by 90%
• New Database Structure (conversion tool available to upgrade from v4 structure)

New Features

• Added a test for PHP-CGI remote code execution (http://www.exploit-db.com/exploits/29290/)
• Added a test which checks for SSL certificates with a Public Key length less than 2048 bit (http://www.geotrust.com/resources/2048-bit-compliance/)
• Added a test that checks for Microsoft IIS server service.cnf file

Improvements

Improved XSS testing script. From an alert, clicking on the affected file takes the user to the file in the site structure. This is useful when additional information on the affected file is required (such as the referrers in the case of Broken links, or the source of the web page) DOM XSS alerts will include more information (such as the HTML written for document.write) Improved Code Execution script to find more specific issues and reduce the number of requests performed

Bug Fixes

Fixed an issue causing a deadlock. Fixed false positives shown in broken links Fixed some false positives with Script_Source_Code_Disclosure.script Fixed DOM XSS false positives Fixed an issue with Analyze_Parameter_Values script causing the script not to parse relative paths correctly Fixed false positives with Slow HTTP Denial Of Server script