New Security Checks and Features Added to Acunetix Web Vulnerability Scanner

We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build 20120613 offers a number of new security checks, new scanner funtionalities, improvements and bug fixes.

New Security Checks

• New security checks for Microsoft SharePoint.
• Debug Parameters test offers you the ability to check your web applications if common debug parameters, such as “?debug=1” disclose sensitive information.
• New Cross-Site Scripting checks for Ruby on Rails / Homakov variants.
• Security check for JetBrains .idea project directory.
• ToolsPack backdoor verification.
• Security check for Fantastico_Filelist information disclosure.
• Tests for authentication bypass vulnerabilities in MySQL, MariaDB (CVE-2012-2122).
• Check for Nginx restrictions bypass (CVE-2011-4963).
• New checks when phpinfo() page is discovered: all html in such page is parsed and various alerts are issued reporting PHP configuration problems (display_errors on, register_globals etc).

New Features

• Ability to export report in the Report Viewer.
• Alerts you when HTML forms do not have CSRF protection.

Improvements

• Rewrote the ASP_NET_Oracle_Padding security script.
• Improved SVN/GIT repository security scripts.
• Improved presentation for all the alerts generated by crawler by showing more attack details.

Bug Fixes

• Login sequence recorder is now using the configured user-agent.
• Cookies path parameters are better supported.
• The scheduler authentication checkbox is restored properly if you press “Cancel”.
• Fixed theTrace/Track HTTP method test security script issue.
• The input forms which are part of the login sequence are no longer filled with HTML forms pre-configured data.
• Fixed the namespaces issue on the Web Services scanner.
• Corrected the requests which are generated by the scan results imported from the Firefox extension.
• Blind SQL injection now reports the correct value in the alert details.
• Fixed the Jquery problem: CSA select html element and options are now correctly handled.

How to Upgrade to Build 20120613

On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

View the complete Acunetix WVS change log here.

Contact the Acunetix Team on support@acunetix.com for any technical queries or sales@acunetix.com for any sales information.

To keep up to date with the latest website security news, ‘Like’ the Acunetix Facebook Page, follow us on Twitter and read the Acunetix Blog.

THE AUTHOR

Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.