Acunetix Version 13 Released!
New Features in Acunetix Version 13
- New Acunetix web UI
- Network Scanner integration (Improved)
- Malware Detection using Windows Defender on Windows & ClamAv on Linux
- Smart Scan
- New scanning algorithm prioritises scanning tasks and reduces scanning time
- Proof of exploit is reported in the vulnerability alerts
- Incremental Scans
- Vulnerability Confidence Rating for web vulnerabilities
- Brand New GitLab Issue Tracker Integration
- Brand New Bugzilla Issue Tracker Integration
- Brand New Mantis Issue Tracker Integration
- Ability to create Login Sequence from Selenium script
- New WADL import file
- New ASP.NET Webforms import file
- New Postman import file
- New Paros import file
- Ability to create custom checks
- Highlighting of vulnerability in HTTP response
- DeepScan provides better support for Angular 2, Vue and React JavaScript Frameworks
- Unlimited network scanning for Acunetix Premium customers
- Account Session Timeout settings
- Account Maximum Consecutive Login Failure settings
New Vulnerability Checks in Acunetix 13
- New check for publicly accessible Bitrix server test script
- New check for publicly accessible NGINX+ dashboard
- New check for unrestricted access to NGINX+ API endpoints
- New check for outdated TLS version
- New check for Citrix Netscaler Unauthenticated Remote Code Execution (CVE-2019-19781)
- New check for Kentico CMS Deserialization RCE
- New check for Cross site scripting via Bootstrap
- New check for Django weak secret key
- New check for Oracle Weblogic T3 XXE (CVE-2019-2888)
- New check for leakage of API keys
- New check for JWT weak secret key
- New check for JWT none algorithm
- New check for publicly exposed .NET HTTP Remoting
- New check for .NET BinaryFormatter Object Deseralization vulnerabilities
- New check for Apache Solr Parameter Injection
- New check for Ruby framework weak secret key
- New check for Tornado weak secret key
- New check for BottlePy weak secret key
- New WordPress Core & plugin vulnerability checks
- New Joomla Core vulnerability checks
- New Drupal Core vulnerability checks
Updates
- Improved memory consumption for the scanner
- PDF reports now have page numbers
- Generic User-agent will be used for communication with issue trackers
- All lists in Acunetix UI can be sorted
- Easier filtering options in the Acunetix UI
- Settings can now be accessed from the side-bar
- Links discovered by AcuSensor are given more prominence
- Improved processing of XML and JSON POST input schemes
- Scanner will try to replay the LSR playback actions a number of times before failing
- Improved Auto-Login
- Multiple updates in the Login Sequence Recorder
- Developer report updated to include Source file, line number and other details provided by AcuSensor
- Acunetix now supports scanning domains with international characters
- Increase page size limit to 20Mb in scanner and LSR
- Improved detection of Possible Sensitive Files
- Improved detection of email addresses
- Improved detection of Command Injection
- Improved detection of database backup files
- Improved detection of XXE
Fixes
- Fixed issue in Developer report showing incorrect parameter name for detected vulnerabilities
- Fixed: “Tester” user role will not be able to create reports
- upgrades on Linux were not removing all files from previous installation
- Fixed issue with Manual Intervention
- Fixed: Session cookies where not always collected by LSR
- Fixed: Incorrect processing of URLs with “{” character
- Fixed a number of crashes in scanner
- Fixed issue causing scanner proxy to unintentionally transform parts of the HTTP request
- Fixed false positive in the detection of Apache Tomcat Remote Code Execution
- Fixed issues causing some links not to be properly imported by the importer
- Fixed issue with license activation when proxy and authentication is used
- Fixed issue causing session to get lost when Deepscan is used
