An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build features a number of new security checks, automatic crawling and scanning of SVN repositories, improved Cross-site scripting checks and a number of bug fixes.
New feature:
- Acunetix WVS will parse SVN repositories file structure and crawl it automatically
New security checks:
- ClientAccessPolicy.xml and CrossDomain.xml security checks
- Git repository security checks
- Check if htaccess file is readable
- Nginx PHP Code Execution via FastCGI
- Nginx buffer underflow vulnerability
- Nginx PHP FastCGI Code Execution File Upload.
Improvements:
- Improved Cross-site scripting checks.
Bug fixes:
- Maximum directory depth value was not working properly
- HTTP limitations were not respected from scripts
- When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain.
- Properly handling of situations when a file redirects to itself from http to https.
How to upgrade to build 20110308:
On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.
Click here for the complete Acunetix WVS change log.
Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.
Crossdomain.xml does not work properly. I tried to test a vulnerable webserver by using only the Crossdomain_XML.script and I’d turned off (disabled) everything else. It couldn’t find it.
Soroush,
Acunetix Web vulnerability Scanner will not generate an alert for Crossdomain.xml but a knowledge base icon. Can you confirm? If you still having problems drop us an email at support@acunetix.com