Archive for category: Acunetix Security

Acunetix Version 13 (build 13.0.200205121 – Windows and Linux) 5th February 2020 – Acunetix Pricing 

New Features in Acunetix Version 13

• New Acunetix web UI
• Network Scanner integration (Improved)
• Malware Detection using Windows Defender on Windows & ClamAv on Linux
• Smart Scan
• New scanning algorithm prioritises scanning tasks and reduces scanning time
• Proof of exploit is reported in the vulnerability alerts
• Incremental Scans
• Vulnerability Confidence Rating for web vulnerabilities
• Brand New GitLab Issue Tracker Integration
• Brand New Bugzilla Issue Tracker Integration
• Brand New Mantis Issue Tracker Integration
• Ability to create Login Sequence from Selenium script
• New WADL import file
• New ASP.NET Webforms import file
• New Postman import file
• New Paros import file
• Ability to create custom checks
• Highlighting of vulnerability in HTTP response
• DeepScan provides better support for Angular 2, Vue and React JavaScript Frameworks
• Unlimited network scanning for Acunetix Premium customers
• Account Session Timeout settings
• Account Maximum Consecutive Login Failure settings

New Vulnerability Checks in Acunetix 13

• New check for publicly accessible Bitrix server test script
• New check for publicly accessible NGINX+ dashboard
• New check for unrestricted access to NGINX+ API endpoints
• New check for outdated TLS version
• New check for Citrix Netscaler Unauthenticated Remote Code Execution (CVE-2019-19781)
• New check for Kentico CMS Deserialization RCE
• New check for Cross site scripting via Bootstrap
• New check for Django weak secret key
• New check for Oracle Weblogic T3 XXE (CVE-2019-2888)
• New check for leakage of API keys
• New check for JWT weak secret key
• New check for JWT none algorithm
• New check for publicly exposed .NET HTTP Remoting
• New check for .NET BinaryFormatter Object Deseralization vulnerabilities
• New check for Apache Solr Parameter Injection
• New check for Ruby framework weak secret key
• New check for Tornado weak secret key
• New check for BottlePy weak secret key
• New WordPress Core & plugin vulnerability checks
• New Joomla Core vulnerability checks
• New Drupal Core vulnerability checks

Updates

• Improved memory consumption for the scanner
• PDF reports now have page numbers
• Generic User-agent will be used for communication with issue trackers
• All lists in Acunetix UI can be sorted
• Easier filtering options in the Acunetix UI
• Settings can now be accessed from the side-bar
• Links discovered by AcuSensor are given more prominence
• Improved processing of XML and JSON POST input schemes
• Scanner will try to replay the LSR playback actions a number of times before failing
• Improved Auto-Login
• Multiple updates in the Login Sequence Recorder
• Developer report updated to include Source file, line number and other details provided by AcuSensor
• Acunetix now supports scanning domains with international characters
• Increase page size limit to 20Mb in scanner and LSR
• Improved detection of Possible Sensitive Files
• Improved detection of email addresses
• Improved detection of Command Injection
• Improved detection of database backup files
• Improved detection of XXE

Fixes

• Fixed issue in Developer report showing incorrect parameter name for detected vulnerabilities
• Fixed: “Tester” user role will not be able to create reports
• upgrades on Linux were not removing all files from previous installation
• Fixed issue with Manual Intervention
• Fixed: Session cookies where not always collected by LSR
• Fixed: Incorrect processing of URLs with “{” character
• Fixed a number of crashes in scanner
• Fixed issue causing scanner proxy to unintentionally transform parts of the HTTP request
• Fixed false positive in the detection of Apache Tomcat Remote Code Execution
• Fixed issues causing some links not to be properly imported by the importer
• Fixed issue with license activation when proxy and authentication is used
• Fixed issue causing session to get lost when Deepscan is used