Acunetix Version 13 Released!

Acunetix Version 13 (build 13.0.200205121 – Windows and Linux), 5th February 2020

New Features in Acunetix Version 13

  • New Acunetix web UI
  • Network Scanner integration (Improved)
  • Malware Detection using Windows Defender on Windows & ClamAv on Linux
  • Smart Scan
  • New scanning algorithm prioritises scanning tasks and reduces scanning time
  • Proof of exploit is reported in the vulnerability alerts
  • Incremental Scans
  • Vulnerability Confidence Rating for web vulnerabilities
  • Brand New GitLab Issue Tracker Integration
  • Brand New Bugzilla Issue Tracker Integration
  • Brand New Mantis Issue Tracker Integration
  • Ability to create Login Sequence from Selenium script
  • New WADL import file
  • New ASP.NET Webforms import file
  • New Postman import file
  • New Paros import file
  • Ability to create custom checks
  • Highlighting of vulnerability in HTTP response
  • DeepScan provides better support for Angular 2, Vue and React JavaScript Frameworks
  • Unlimited network scanning for Acunetix Premium customers
  • Account Session Timeout settings
  • Account Maximum Consecutive Login Failure settings

New Vulnerability Checks in Acunetix 13

Updates

  • Improved memory consumption for the scanner
  • PDF reports now have page numbers
  • Generic User-agent will be used for communication with issue trackers
  • All lists in Acunetix UI can be sorted
  • Easier filtering options in the Acunetix UI
  • Settings can now be accessed from the side-bar
  • Links discovered by AcuSensor are given more prominence
  • Improved processing of XML and JSON POST input schemes
  • Scanner will try to replay the LSR playback actions a number of times before failing
  • Improved Auto-Login
  • Multiple updates in the Login Sequence Recorder
  • Developer report updated to include Source file, line number and other details provided by AcuSensor
  • Acunetix now supports scanning domains with international characters
  • Increased page size limit to 20Mb in scanner and LSR
  • Improved detection of Possible Sensitive Files
  • Improved detection of email addresses
  • Improved detection of Command Injection
  • Improved detection of database backup files
  • Improved detection of XXE

Fixes

  • Fixed issue in Developer report showing incorrect parameter name for detected vulnerabilities
  • Fixed: “Tester” user role will not be able to create reports
  • Fixed: upgrades on Linux were not removing all files from the previous installation
  • Fixed issue with Manual Intervention
  • Fixed: Session cookies were not always collected by LSR
  • Fixed: Incorrect processing of URLs with “{” character
  • Fixed a number of crashes in scanner
  • Fixed issue causing scanner proxy to unintentionally transform parts of the HTTP request
  • Fixed false positive in the detection of Apache Tomcat Remote Code Execution
  • Fixed issues causing some links not to be properly imported by the importer
  • Fixed issue with license activation when proxy and authentication is used
  • Fixed issue causing the session to get lost when DeepScan is used

SQL Injection Flaws on Web Sites Lead to Biggest Data Breach in History

A Russian cyber gang, dubbed CyberVors by Hold Security (who identified the data breach), has stolen over 4.5 billion records, mostly user credentials, from over 420,000 web and FTP sites. This represents the largest known data breach in history, with dire implications. The CyberVors accomplished this by gaining control of a botnet (a large group of virus-infected computers controlled by one criminal system), which they used to identify SQL injection vulnerabilities on the sites those computers visited.

How to protect yourself and your company

Individuals – Change your credentials, using strong passwords. See this PC Magazine article for some best practices – Creating Strong Passwords

Companies – Check your web site(s) for vulnerabilities. The CyberVors targeted sites vulnerable to SQL injection, which is one of the most common vulnerabilities found on web sites. Alliance Technology Partners specializes in web security and is the Acunetix Preferred Partner. We sell, train, and consult IT and security professionals on how to use Acunetix, and we have the only security engineers in the US directly trained by Acunetix. We also offer our pen testing and audit services.

About Alliance Technology Partners

Alliance is an IT solution provider based in St. Louis that specializes in web security. We help Fortune 1000 companies and the Government (Federal, State, and Local) secure their web sites. We offer web vulnerability software (Acunetix) as well as our expertise to assist our clients in their mission to secure their networks. We offer training and ongoing consulting options.

Why we chose the Acunetix Web Vulnerability Scanner

We at Alliance have helped our clients with their IT security for several years and came across Acunetix in 2007. We immediately saw value in the product. We had been using open source tools (like BURP, which are still helpful), but Acunetix has some big advantages. Acunetix is much more efficient and offers a full range of features. It is also highly configurable, so you can perform scans that require authentication and do so in a safe and thorough way. It also tests for the latest vulnerabilities, which is crucial. Many open source tools are unreliable and take more time. Another major advantage of Acunetix is price: it is substantially less expensive than other tools, yet Acunetix continues to innovate and remains a leader in the web application security space.

Here are some of the important features we like about the Acunetix Web Vulnerability Scanner:

  • AcuSensor Technology
  • Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
  • Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
  • Visual macro recorder makes testing web forms and password protected areas easy
  • Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
  • Extensive reporting facilities including PCI compliance reports
  • Multi-threaded and lightning fast scanner – processes thousands of pages with ease
  • Intelligent crawler detects web server type, application language and smartphone-optimized sites
  • Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
  • Port scans a web server and runs security checks against network services running on the server