Once a user is infected, the malicious code can do a variety of things. It can change the color scheme of the page the user is viewing. It can do more nasty things such as replacing images with pornographic content. Using the same techniques, links on the page may be re-written to point to malicious locations. Sometimes clicks can also be forced, simulating user action without his knowledge. Another popular XSS attack reads out the user’s cookie and transmits it to the hacker. This allows him to impersonate the user and hijack his session. If the user happens to be the system administrator, the hacker can take over the entire website.

In this video tutorial I demonstrate what an XSS attack is to show you how a hacker can use XSS vulnerabilities to hack into your website. I start the video by explaining the mechanisms of cross site scripting, and I proceed to demonstrate a number of pranks you can play on unsuspecting users. I also demonstrate how cookies can be stolen to hijack sessions and I take a peek into the vulnerable code that allows such attacks. I hope that this video will both entertaining and educational, and that by learning about XSS you can keep your own website safer.

New features

• The Client Script Analyzer engine now supports jquery + jquery UI + YUI library
• New URL Rewrite option; Match full URI. If this option is enabled, a URL rewrite rule can be matched against the whole URI and not just path

Improvement

• Major improvements in AcuSensor Technology for PHP

Bug fix

• Fixed: Login Sequence Recorder not using Proxy settings specified in WVS settings

How to upgrade to build 20111005:

On starting up Acunetix Web Vulnerability Scanner, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

New security check

• Security checks for Apache httpd remote denial of service

Improvements

• Firefox plugin now supports Firefox v.6
• Inclusion of more variables discovered by Acusensor during a scan

Bug fixes

• Fixed HTTP verb tampering security checks with further reduction of false positives
• Paths edited in HTTP Authentication settings node are being saved correctly
• Actions menu is appearing correctly in the Small Business Edition

How to upgrade to build 20110823:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

New Security checks

• Complex security check for Timthumb (detects WordPress installations and checks for vulnerable plugins and themes. Includes bruteforcing capabilites to look for plugins/themes that contain the Timthumb script)
• Security check for Sun/Oracle GlassFish Server Authentication Bypass (same check includes some additional checks for GlassFish)

Updates

• Updated Firefox plugin to support Firefox 5

Bug fix

• Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values

How to upgrade to build 20110823:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

In this video tutorial we will demonstrate what is an SQL injection vulnerability, how a malicious user exploits an SQL Injection to steal credit card numbers and other customer data from your website and also how to fix SQL Injection vulnerabilities using practical examples.

In this step by step guide we will also show you how to perform an effective SQL Injection scan with Acunetix Web Vulnerability Scanner, and explain in technical detail what is happening behind the scenes while exploiting an SQL Injection attack against a test website.

If you have any queries regarding Acunetix Web Vulnerability Scanner or web security in general, visit the Acunetix web security forums.

If you are an Acunetix Web Vulnerability Scanner user (free or commercial) feel free to post any queries or suggestions you might have about configuring and using Acunetix WVS, and also about securing your web applications.  Please note that this forum is mostly user to user, and posts are NOT always answered by Acunetix staff.  Before you post your queries, we suggest you read the forums rules.

If you have Acunetix Web Vulnerability Scanner feature requests, post your idea in our new Feature Request System. You can read more about it here.

We thank you in advance for your cooperation and look forward to hear from you!

New feature:

•     Included IMAGE tag with source in crawler for more detailed crawling data

Improvements:

•     Improved Cross-site scripting checks.
•     Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.

Bug fixes:

•     Fixed crash in Login Sequence Recorder when accessing specific sites with frames.
•     Fixed Access Violation in fuzzer if XML filetype is selected and set an invalid filename.
•     Fixed issue when authenticating against websites using Digest and NTLM.
•     Fixed a file browser crash if visualizing file during scanning.
•     Fixed a crash when loading saved scans from specific websites.
•     Corrected interpretion of HTML encoding in Crawler.
•     Fixed Access Violation in HTTP Fuzzer.

How to upgrade to build 20110711:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

• http://ideas.acunetix.com

You can login using your facebook, google or twitter account and thus you do not have to create an additional account and remember the password. We look forward to hear your ideas and feature requests!

About Acunetix

Acunetix was founded in 2004 to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of work by a team of highly experienced security developers. Leading International companies and organisations such as NASA, the US Air Force, The Pentagon, PricewaterhouseCoopers and Sony use Acunetix Web Vulnerability Scanner to protect their websites and web applications. Acunetix WVS has won numerous awards including the WindowSecurity.com Web Application Security award for four times in succession. Acunetix is a privately held European company with offices in the UK, Cyprus and Malta. For more information about Acunetix, visit: http://www.acunetix.com.

Hacking is on the rise and the number of victims is increasing every day. See how firewalls, SSL and locked-down servers can’t stop your web applications and websites from being hacked but how Acunetix protects them with:

• The industries’ most advanced and in-depth SQL injection and Cross Site scripting testing
• State of the art crawler technology which includes a client script analyzer engine
• Detailed reports that pinpoint security issues right down to the exact line of code
• Low False Positives

One lucky Acunetix Facebook follower will be selected at random to win an iPad 2! All you have to do is follow Acunetix on Facebook. If you’re not a follower, visit http://www.facebook.com/Acunetix and click Like.

Acunetix will be hosting several prize draws for its Facebook followers. You could be just a couple of clicks away from winning an iPad 2!

The winner will be announced on the Acunetix Blog and on the Acunetix Facebook page at the end of August 2011.

USA, June 13 2011 – Acunetix, developer of leading website security scanning software, today announced that the United States Air Force has selected Acunetix Web Vulnerability Scanner to defend against millions of cyber-attacks every day.

The US Air Force runs mission-critical web applications on several hundred web servers and therefore needs to have the highest level of security possible. The US Air Force needed a scanner that was flexible and highly configurable in order to meet their strict internal IT policies. With the competitive price and high level of support Acunetix also provides, it became the web scanner of choice.

“We tried eEye’s Retina web security scanner, HP’s WebInspect and another dozen web security tools, but only Acunetix WVS gave us the ability to modify vulnerability checks and scan for the ever growing threat of web application vulnerabilities. The speed in which it performs the checks is also unbeatable.  Acunetix has proven itself and is worth the cost.” – Mr. Rodgers, US Air Force

“Acunetix is able to make in depth checks for security vulnerabilities and features AcuSensor technology which allows it to increase the accuracy, find more vulnerabilities and reduce false positives. We are proud that the US Air Force relies on Acunetix and its cutting edge technology in the defense of their web servers. As Acunetix WVS is being used by international organisations, institutions and companies, Acunetix has the experience to match the demands of the US Air Force.” – Nick Galea, Acunetix CEO

Read the full US Air Force case study here to see why Acunetix Web Vulnerability Scanner is the USAF scanner of choice.

About Acunetix
Acunetix was founded in 2004 to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of work by a team of highly experienced security developers. Leading International companies and organisations such as NASA, the US Air Force, The Pentagon, PricewaterhouseCoopers and Sony use Acunetix Web Vulnerability Scanner to protect their websites and web applications. Acunetix WVS has won numerous awards including the WindowSecurity.com Web Application Security award for four times in succession. Acunetix is a privately held European company with offices in the UK, Cyprus and Malta. For more information about Acunetix, visit: http://www.acunetix.com.

About US Air Force
The mission of the United States Air Force is to fly, fight and win … in air, space and cyberspace. To achieve that mission, the Air Force has a vision of Global Vigilance, Reach and Power. That vision orbits around three core competencies: developing Airmen, technology to war fighting and integrating operations. These core competencies make our six distinctive capabilities possible. For more information, please visit: http://www.airforce.com/

Bug Fixes:

Fixed: The Acusensor Technology files were updated incorrectly.
Fixed: Access Violation when scan is stopped.
Fixed: User interface incorrect behaviour.

How to Upgrade to Build 20110518:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

The event will be held on May 12th and 13th 2011.

The conference will talk about the latest legislative information, products, services and more related to information security. This is a good opportunity to learn the latest news and strategies around IT Security and have any questions answered about Acunetix Web Vulnerability Scanner.

For more information, please visit the InfoSec Summit website here.

During this period ComGuard will also be offering a 15% discount on Acunetix Web Vulnerability Scanner. The Acunetix Knowledge Quiz and discount period will run from May 5th 2011 through to the end of June 2011.

Please note that these promotions only apply to residents of the U.A.E. For more information, please visit the ComGuard website here.

By using two well known web applications that were purposely developed with vulnerabilities in order to facilitate web application testing and research (Damn Vulnerable Web Application (DVWA) and the IBM AppScan demo site called Testfire), it was time to see whether these claims were accurate and to determine the weaknesses and strengths of more affordable options. InfoSec Island’s Mark Baldwin put them to the test.

“Fortunately, in recent years, two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market.  And they do it at a price point that just about any small business or independent consultant can afford”, said Baldwin.

So what did they have to say about these scanners, including Acunetix? “The strength of Acunetix lies in its ability to quickly detect a wide variety of vulnerabilities with little need for advanced tuning and configuration.  However, for those who desire more control over the tests and like to get their hands dirty, Acunetix provides the flexibility and built-in tools that even the most advanced pen testers will appreciate. ”

Acunetix Web Vulnerability Scanner proved impressive. “With Acusensor enabled, Acunetix detected 8 of the 9 specifically crafted vulnerabilities in DVWA.” It did this without any false positives, “Both Netsparker and Acunetix did a very good job of not reporting false positives. None of the reported vulnerabilities in my tests were discovered to be false positives.”

It looks as though those claiming that the most expensive web vulnerability scanners are the best need to re-think their position! You can read the full independent review by Mark Baldwin over at Infosec Island, here.

New feature:

• AcuSensor details are now exported in the report as well.

Bug Fixes:

• Fixed a bug in cross domain check script.
• Fixed 2 crashes in the scanner software.
• Fixed a bug in DOM XSS security check

How to Upgrade to Build 20110406:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

Head over to DMC Technology-Scotland at stand AB16 to have  your questions about Acunetix answered and to also be entered into a prize draw for a Thinkpad T410 i5-520M!

Details of the events can be found here.

Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records.

Cross Site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques.  As a matter of fact, the Web Hacking Incident Database for 2011 (WHID) clearly shows that whilst many different attack methods exist, SQL injection and XSS are the most popular. To add to this, many other attack vectors, such as Information Disclosures, Content Spoofing and Stolen Credentials could all be side-effects of an XSS attack.

Read the full article to know more about Cross Site Scripting attacks.  The article also features practical examples.

New feature:

• Acunetix WVS will parse SVN repositories file structure and crawl it automatically

New security checks:

• ClientAccessPolicy.xml and CrossDomain.xml security checks
• Git repository security checks
• Check if htaccess file is readable
• Nginx PHP Code Execution via FastCGI
• Nginx buffer underflow vulnerability
• Nginx PHP FastCGI Code Execution File Upload.

Improvements:

• Improved Cross-site scripting checks.

Bug fixes:

• Maximum directory depth value was not working properly
• HTTP limitations were not respected from scripts
• When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain.
• Properly handling of situations when a file redirects to itself from http to https.

How to upgrade to build 20110308:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

Click here to read the entire review | Read more reviews on Acunetix

For the fourth time in a row, Acunetix Web Vulnerability Scanner Chosen as the Windowsecurity.Com Readers’ Choice Award Winner.

The leading Windows Security resource site, WindowSecurity.com, announced today that Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers’ Choice Awards.

“Our Readers’ Choice Awards give visitors to our site the opportunity to vote for the products they view as the very best in their respective category,” said Sean Buttigieg, WindowSecurity.com manager. “WindowSecurity.com users are specialists in their field who encounter various network security solutions at the workplace.  The award serves as a mark of excellence, providing the ultimate recognition from peers within the industry.”

“It’s a great honour to be awarded the Windowsecurity.com Readers’ Choice Award for the fourth consecutive time. It re-emphasizes our ability to keep providing a quality and innovative product by being consistently voted as the number one web application security scanner by the readers of a leading authority in network security,” said Robert Abela, Technical Manager at Acunetix.

WindowSecurity.com conducts monthly polls to discover which product is preferred by Network Security administrators in a particular category of third party network security solutions. The awards draw a huge response per category and are based entirely on the visitors’ votes. WindowSecurity.com visitors can submit their votes for the current Readers’ Award poll in the site’s left-hand bar.

New features:

• PCI 2.0 compliance report template
• CWE/SANS top 25 complaince report template

Improvement:

• Input fields now support wildcards and priorities (read the section Traversing Web Form Pages in the Acunetix WVS user manual for more information)

Bug fixe:

• Fixed: access violation in Client Script analyzer engine

How to upgrade to build 20110209:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

Acunetix has long had the reputation of manufacturing one of the best tools for this kind of job. The company has recently released a new version of their Acunetix Web Vulnerability Scanner (v.7), and has rewritten most of its core components – making it faster and better.

The new features include a new scanning engine that detects a wider range of vulnerabilities, improved web 2.0 application support and session management handling, ability to rescan a specific vulnerability to verify remediation, less false positives and negatives, a lesser chance of breaking down a website while scanning, and more.” – Zeljka Zorz – Net Security.

Click here to read the entire review | Read more reviews on Acunetix

New security check:

• New type of XSS test introduced (parameter was set to javascript:…)

Bug Fixes:

• Fixed: Scanner crash when scanning https sites with client certificates.
• Fixed: A number of particular checks were not performed when scanning from crawl results.
• Fixed: Login Sequence Recorder: different user agent string was sent with XHR.
• Fixed: Reports were not sent as attachments when scanning a list of URLs from the Scheduler.
• Fixed: Fixed incorrect error message popup in scheduler “there is already a queue starting a that time when the queues were of different type”
• Fixed: Crawler MaximumVariationCount was being ignored in the scanner settings.
• Fixed: eval() security check moved from scanner to crawler.
• Fixed: Aborting of analysis while executing events in CSA engine not always working.
• Fixed: CSA engine “Worker already executing” exception.
• Fixed: In XML or AVDL export CDATA content is no longer encoded.

How to upgrade to build 20110124:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

Which is the best web vulnerability scanner out there?

This question has been haunting the web application security field for quite some time and rest assured that no one will ever give you a definite answer. What works for Mr A does not work for Mr B. This is because every website, or web application – as we call them today – is different. There are some scanners that perform better than others on websites developed in PHP and others that might perform better on websites developed in .NET, and so on. Also, people have different needs. Some just need a scanner to generate a PCI DSS compliance report. Others use it for consulting services, to assist them during a penetration test, and therefore need a scanner that gives them as much information as possible about the target and one that includes a good set of tools for easing the lengthy process of manual penetration testing.

How can I find out which web vulnerability scanner best suites my needs?

The best way to find out which web vulnerability scanner suites your needs is to get your hands dirty and try them out yourself against a real life website that you will be securing. Most of the software companies developing web vulnerability scanners will willingly give you evaluation licenses. There is also a good number of test websites available on the Internet which you can use to evaluate a number of web vulnerability scanners, but such test websites can never beat the real thing, i.e. your own website.

You can also find a lot of information on the Internet about web vulnerability scanners and their performance. From time to time, a number of web security researches and universities test these scanners against their test scenarios, and publish their findings online in white papers and web security articles. Such white papers and technical articles can give you a broad idea of who is on top of the game, but don’t base your decision only them. Unfortunately, they can be very misleading. I am not saying that they are wrong, or they don’t do a good job, far from it. These people are doing a very useful job, and they are helping software companies improve their web vulnerability scanners, but as explained before, you should try out web vulnerability scanners on your own websites. You’ll be surprised how differently each scanner performs on different websites.

Any suggestions for what users should lookout for when testing/evaluating web vulnerability scanners?

To start off with, you should always run a web application security test scan against a test website. This is very important since you don’t know the scanner’s capabilities or the weaknesses of the target website. An out-of-the-box scan might be able to inject code that might disrupt the operations of the web application you are trying to scan.

But first, you must understand how these scanners work. The web vulnerability scanner crawls the website, to discover all the files and inputs present in that website, and then launches a number of security checks against those discovered objects. The crawling process is the most crucial part of the scan, so you should always make sure that the web vulnerability scanner is able to crawl all of the website’s objects and inputs. If it does not discover all of them, the security scan results will not be correct, because even if it discovered thousands of vulnerable objects, but missed one, that is the input or parameter which a hacker will exploit and use it to deface your website.

Secondly, you should also check how many actual vulnerabilities the web vulnerability scanner discovered. A common mistake that people make is to base their choice on the number of vulnerabilities the web vulnerability scanner discovered, without checking if some of them are false positives. You do not want a scanner to report a large number of false positives because then you have to check each one by yourself. In such cases, you might as well do the penetration test manually – a web vulnerability scanner’s purpose is to ease your job and help you be more productive – not to waste your time.

If a scanner reports a good number of false positives, most probably the problem is in the configuration. Web vulnerability scanners are complex software, and because they have to support a wide variety of web applications, they all have a considerable number of options/settings. An out-of-the-box scan might not return the desired results, but just ten minutes of tweaking the scanner, might return a 100% accurate scan result. So during the testing phase, make sure you also go through the settings, get familiar with them and use them.

Last but not least, you should check the efficiency of the company’s support department. A web vulnerability scanner is a complex piece of software, and discovering vulnerabilities in a website can be a difficult and long process. Once in a while you will need an efficient technical support engineer to assist you with your findings. If the support department takes too long to reply to your queries, or if it takes you quite some time to simply get in touch with its operator, it might be too late. An attacker can discover vulnerabilities much faster than you think!

This issue also leads us to another question – should we use an open source solution or not? Most “technical” people – especially those in the security field – tried using an open source solution at least once in their lifetime. It might be a solution that works, but when you encounter a problem that you don’t know the answer to, you must post it on forums or mailing lists. It often happens that you don’t get a response, or if you do, it takes a lot of time to get it right while you engage in an exhausting back-and-forth of mailing. In the meantime, your website is still vulnerable.

Is an automated web vulnerability scan enough to completely secure your website or web application?

I always emphasize that an automated scan should always be accompanied by a manual penetration test. A good scanner will definitely make your job easier, and will help you not to forget a particular object or input. But, there are some vulnerabilities that automated software cannot discover. Such vulnerabilities are called logical vulnerabilities. For example, if you manually set a parameter called ‘price’ to ‘free’ while testing an online shopping cart, then the customer gets the ordered product for free.

An automated web vulnerability scanner will definitely help you discover this parameter, understand how the web application works and uses such a parameter, but it will never discover flaw in it. This is another reason why I suggest going for a commercial scanner and not an open source one. While in the open source software repository you will find a number of different tools that can assist you with a manual penetration test, most of the commercial web vulnerability scanners out there are shipped with a number of penetration testing tools, such as fuzzers, HTTP editors, sniffers, etc., that can assist you and ease the manual penetration test process. The advantage is having a single website security solution that supports data exporting and importing from one tool to another. When using a number of different tools, exporting and importing data from one to the other might prove troublesome.

Can web vulnerability scanners help you remediate the vulnerability?

When a vulnerability is discovered by web vulnerability scanners, a good amount of technical details are presented to the user to help him understand and fix the issue. This technical information typically includes:

• Detailed description of the vulnerability
• HTTP request and response headers
• The vulnerable parameter or object name
• The injection value
• Remediation suggestions.

Most of the time, the remediation suggestions will be generic for that vulnerability class – for example, fixing a cross-site scripting vulnerability by filtering the user input for that vulnerable object. My advice is to not depend only on what the scanner’ suggestion. You should read more about that vulnerability class and understand what is it and how to fix it. This also serves to the user or developer as a lesson to write more secure code next time around. Some of the commercial web vulnerability scanners out there also suggest a number of web links when a vulnerability is reported, where you can usually find all the information you need.

This interview was originally published on Help Net Security on the 22nd of November 2010.

New features:

• DOM XSS will now report the filename in which the attack was executed
• DOM XSS checks on document.open, window.open, window.navigate and more

Bug fixes:

• Fixed: Aborting analysis while executing events not always worked in CSA
• Fixed: CSA engine crashing with “worker already executing” exception
• Fixed: Crawler was not considering maximum number of variations in case of links from comments
• Fixed: In some cases during a WSDL service scan, port address query params where not properly used
• Fixed: False positive for ASP.NET padding oracle test
• Bugfix: HTML parser; Fixed regex for extracting URLs from HTML comments

How to upgrade to build 20101216:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

In this white paper we explain in detail how to do a complete website security audit and focus on using the right approach and tools.  We describe the whole process of securing a website in an easy to read step by step format; what needs to be done prior to launching an automated website vulnerability scan up till the manual penetration testing phase.

Click here to read the whitepaper A complete guide to securing a website.

Apart from the automated DOM XSS checks, the new build also contains the following bug fixes.

• Fixed: Get First URL Only option not working correctly because it was still importing links from CSA engine
• Fixed: “User credentials sent in clear text” was not being reported by crawler in certain circumstances
• Fixed: Port was being specified in host header even if default ports were being used.

How to upgrade to build 20101206

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

Improvement:

• More updates to the Client Script Analyser (CSA) engine for better Web 2.0 support

Bug Fixes:

• Fix: Added port in host header for https in manual browsing
• Fixed: Crawler not serving pages to Client Script Analyzer engine on request if pages were already queued
• Fixed: Compare results frame crashed if nodes are expanding while still comparing
• Fixed: CanonicalizeLink was incorrectly interpreted “..” style links

How to upgrade to build 201001123:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.

New Features:

• Ability to stop individual running security scripts during a scan

Major Improvements:

• CSA engine now supports a wider range of JQuery and Web 2.0 applications
• Introduced a number of new XSS security checks

Bug Fixes:

• Fixed: Memory leak in NTLM authentication
• Fixed: Incorrect interpratation of links with leading “//”
• Fixed: Access violation crashes in HTTP Sniffer for certain SSL websites

How to upgrade to build 201001115:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.