New Acunetix update includes security checks for Joomla! Core RCE, improved XXE tests and more

New updates have been released that test for a new Joomla! remote code execution vulnerability affecting versions 1.5.0 through 3.4.5 (CVE-2015-8562). Other updates also include improved XML External Entity (XXE) testing, multiple Cross-site Scripting tests in commonly used libraries and other improvements/bug fixes. Below is the full list of updates. New Features Added a test for […]

Acunetix 10 build includes security checks in CORS configurations, Rails web applications and identifies the vBulletin 5 RCE

Acunetix 10 (build 20151125) has been released. This new build checks for insecure DNS records, insecure CORS configurations, Rails web applications running in development mode, web applications running Tornado and Pyramid in debug mode and various new and updated vulnerability checks including one for vBulletin 5 RCE. Below is the full list of updates. New […]

Acunetix OVS updated to allow better Vulnerability Management

Acunetix Online Vulnerability Scanner (OVS) has been updated to provide better web and perimeter security, while providing an improved indication of the security of your assets. Through this update, Acunetix OVS users can easily identify their long-forgotten assets and rest assured that their servers are being constantly checked for the latest vulnerabilities. The following is […]

Acunetix 10 new build checks for vulnerabilities in Composer, Zend Framework, AjaxControlToolkit

Acunetix WVS v.10 (build 20150921) has been released. This new build checks for Cross Site Scripting in mobile-touch event handlers and for various vulnerabilities in products such as Composer, Zend Framework, AjaxControlToolkit and others. Below is a full list of updates. New Features Added a new test looking for development configuration files such as Vagrantfile, […]

Acunetix updated to detect vulnerabilities including Blind Out-of-band SQLi and RCE

Acunetix Web Vulnerability Scanner version 10 (build 20150707) has been updated to include new vulnerability checks, including the detection of Same Origin Method Execution, XSLT Injection, Blind Out-of-band Remote Code Execution and Blind Out-of-band SQL Injection. This build also includes various updates to the new Login Sequence Recorder. The following is a full list of […]

XML external entity injection via REST APIs

The new version of Acunetix Web Vulnerability Scanner comes with improved support for scanning REST APIs. When Acunetix WVS finds a REST API definition (via a WADL file or from Acunetix DeepScan) it also scans this API resource for XML external entity injection vulnerabilities. If it receives a REST API resource from Acunetix DeepScan and […]

Improved support for Ruby on Rails web applications

Aside from better scanning of Java/J2EE web applications, Acunetix WVS version 10 comes with improved support for web applications built using the popular framework Ruby on Rails. A lot of new Rails specific tests were added in the new version. For example, many Rails developers use Rails scaffolding. Rails scaffolding is a quick way to […]

Better scanning of Java / J2EE web applications

With the release of Acunetix WVS version 10, we’ve introduced a lot of improvements on how we test Java web applications. Java web applications are notoriously hard to scan automatically for many reasons, the most important one being session management. This type of application will frequently invalidate user sessions, making the process of crawling and […]

Delegate tasks, limit access and stay in control with Acunetix OVS Multi-User Access

A new feature in the online version of Acunetix, Acunetix Online Vulnerability Scanner (OVS), now allows the owner of an account to create child users, delegating vulnerability scanning and reporting tasks to other users and at the same time auditing their actions. This increased flexibility has been introduced following feedback from current users, who […]
