Acunetix Web Vulnerability Scanner v9, build 20131216 includes a new PCI 3.0 compliance report and several new tests

Acunetix Web Vulnerability Scanner version 9, build 20131216 includes a new compliance report to cover the latest version of the PCI DSS Regulations. In addition, this new build checks for several vulnerabilities in various systems including Ruby on Rails, Zend Framework, Nginx and WordPress.

New Functionality

 

Improvements

  • Improved test for WordPress OptimizePress Theme file upload vulnerability.
  • The scanner will now indicate that a scan can take long time to complete, allowing the user to tweak the scan settings if needed.
  • Various improvements to the Login Sequence Recorder
  • Improved the test looking for possible form caching (look for missing "pragma: no-cache" header).
  • It is now possible to use multiple input values for HTML inputs using the format: $(choice1,choice2). These can be configured from Configuration > Scan Settings > Input Fields.
  • Speed improvements gained by streamlining the number of requests performed by some checks.
  • Better handling of some uncommon HTTP status codes.
  • The user-agent of the Login Sequence Recorder can now be configured to use the one configured in WVS (by default, it uses Internet Explorer)
  • Directory Traversal script now provides better handling of Java Web Applications.
  • Improved the calculation of the average response time during a scan

 

Bug Fixes  

  • Sites with a high response time were showing incorrect scan statistics.
  • Fixed rewrite detection on nginx servers with phpfastcgi.
  • Fixed some false positives in SQL Statement in comment.
  • Better handling of very long VIEWSTATE strings.
  • Improved handling of Windows based websites by providing better support for case insensitive filesystems
  • Scan from HTTP Proxy log entry was not working correctly
  • Fixed a crash caused by specific characters in the URL Encoded Post Data
  • Fixed a false positive in Script_Source_Code_Disclosure.script
  • Fixed some false positives in error messages.
  • Web Services: fixed Out of Bounds error when importing invalid WSDLs.

 

How to Upgrade

If you are running Acunetix WVS 8, you should follow the upgrade instructions available in the "Upgrading from a previous version of Acunetix Web Vulnerability Scanner" in the Acunetix WVS user manual.

If you are running Acunetix WVS v9, you will be notified that a new build is available to download when you start Acunetix WVS. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

You can see the complete Acunetix WVS change log here. If you have any technical questions, feel free to email the Acunetix Support Team.

 

Leave a Reply


*