We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build 20120704, includes a number of new security checks, improvements and bug fixes. The highlight of this new Acunetix Web Vulnerability Scanner 8 build is that it includes cross-site scripting security checks for HTML5 web applications, and also for responses of text/xml content-type.
New Security Checks:
- Added a number of new HTML 5 Cross-site scripting security checks
- content-type text /xml responses are now being checked for XSS vulnerabilities
- Using Windows 8.3 short filenames techniques to check for information disclosure
- Checks for Microsoft IIS Tilde directory enumaration problems
- A number of new security checks for Webadmin
- Checking for MySQL, RubyonRails and phpMyAdmin SQL dump files on web applications
- File disclosure via XXE Injection tests for Zend Framework
- Information disclosure checks in environment variables
- Improved Directory Traversal security checks
- Less false positives reported by the HTML Forms security checks
- Custom cookies paths are now set correctly to the start URL
- New discovered input parameters variations are added to the list of input variations rather than ignored
How to Upgrade to Build 20120704
On starting Acunetix Web Vulnerability Scanner 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
View the complete Acunetix WVS change log here.