New cross-site scripting security checks in latest Acunetix WVS build

We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build, 20120704, includes a number of new security checks, improvements and bug fixes. The highlight of this build is that it includes cross-site scripting security checks for HTML5 web applications, and also for responses with the text/xml content type.

New Security Checks:

  • Added a number of new HTML5 cross-site scripting security checks
  • Responses with content type text/xml are now checked for XSS vulnerabilities
  • Windows 8.3 short filename techniques are now used to check for information disclosure
  • Checks for Microsoft IIS tilde directory enumeration problems
  • A number of new security checks for Webadmin
  • Checks for MySQL, Ruby on Rails and phpMyAdmin SQL dump files on web applications
  • File disclosure via XXE Injection tests for Zend Framework
  • Information disclosure checks in environment variables

Improvements:

  • Improved Directory Traversal security checks
  • Fewer false positives reported by the HTML Forms security checks

Bug Fixes:

  • Custom cookie paths are now set correctly to the start URL
  • Login Sequence Recorder now executes JavaScript even if there are JavaScript errors
  • Newly discovered input parameter variations are added to the list of input variations rather than ignored

How to Upgrade to Build 20120704

On starting Acunetix Web Vulnerability Scanner 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, and click on Download and Install the new build.

View the complete Acunetix WVS change log here.

Contact the Acunetix Team on support@acunetix.com for any technical queries or sales@acunetix.com for any sales information.
