Acunetix WVS Build History

BETA Build v8.0.20111115 - 16th November 2011

New Features:

Manipulation of inputs from URLs
Automatic IIS 7 rewrite rule interpretation
Support for custom HTTP headers
Imperva Web Application Firewall integration
New vulnerability detection class: HTTP Parameter Pollution
Multiple instance support
Redesigned Scheduler
Automatic custom 404 error page recognition and detection
Scan settings templates
Simplified Scan Wizard
Smart memory management
Real-time Crawler status
Scan termination status included in report
Web application coverage report
Configuration of log file retention

Improvements:

All security checks have been optimized to further reduce detection of false positives
Detection of new security variants for existing vulnerabilities

Build v7.0.20111005 - 5th October 2011

New Features:

The Client Script Analyzer engine now supports jQuery, jQuery UI, and YUI Library
New URL Rewrite option: Match full URI. When enabled, a URL rewrite rule can be matched against the whole URI and not just the path

Improvements:

Major AcuSensor improvements for PHP
Inclusion of more variables discovered by Acusensor during a scan

Bug Fixes:

Build v7.0.20110920 - 20th September 2011

New Security Check:

Security check for Apache httpd remote denial of service

Improvements:

Firefox plugin now supports Firefox v.6
Inclusion of more variables discovered by Acusensor during a scan

Bug Fixes:

Fixed HTTP verb tampering security checks with further reduction of false positives
Paths edited in HTTP Authentication settings node are being saved correctly
Actions menu is appearing correctly in the Small Business Edition

Build v7.0.20110823 - 23rd August 2011

New Security Checks:

Complex security check for Timthumb (detects Wordpress installations and checks for vulnerable plugins and themes
Includes bruteforcing capabilites to look for plugins/themes that contain the Timthumb script
Security check for Sun/Oracle GlassFish Server Authentication Bypass (same check includes some additional checks for GlassFish)

Updates:

Updated Firefox plugin to support Firefox 5

Bug Fix:

Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values.

Build v7.0.20110711 - 17th July 2011

New Feature:

Included IMAGE tag with source in crawler for more detailed crawling data.

Improvements:

Improved Cross-site scripting checks.
Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.

Bug Fixes:

Fixed crash in Login Sequence Recorder when accessing specific sites with frames.
Fixed Access Violation in fuzzer if XML filetype is selected and set an invalid filename.
Fixed issue when authenticating against websites using Digest and NTLM.
Fixed a file browser crash if visualizing file during scanning.
Fixed a crash when loading saved scans from specific websites.
Corrected interpretion of HTML encoding in Crawler.
Fixed Access Violation in Fuzzer

Build v7.0.20110518 - 18th May 2011

Bug Fixes:

Fixed where the Acusensor Technology files were updated incorrectly.
Fixed Access Violation when scan is stopped.
Fixed user interface incorrect behaviour.

Build v7.0.20110406 - 6th April 2011

New feature:

AcuSensor details are now exported in the report as well.

Bug Fixes:

Fixed a bug in cross domain check script.
Fixed 2 crashes in the scanner software.
Fixed a bug in DOM XSS security check.

Build v7.0.20110308 - 8th March 2011

New features:

Acunetix WVS will parse SVN repositories file structure and crawl it automatically

New security checks:

ClientAccessPolicy.xml and CrossDomain.xml security checks
Git repository security checks
Check if htaccess file is readable
Nginx PHP Code Execution via FastCGI
Nginx buffer underflow vulnerability
Nginx PHP FastCGI Code Execution File Upload.

Improvement:

Improved Cross-site scripting checks.

Bug fixes:

Maximum directory depth value was not working properly
HTTP limitations were not respected from scripts
When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain
Properly handling of situations when a file redirects to itself from http to https.

Build v7.0.20110209 - 9th February 2011

New features:

PCI 2.0 compliance report template
CWE/SANS top 25 complaince report template

Improvement:

Input fields now support wildcards and priorities (read the section Traversing Web Form Pages in the Acunetix WVS user manual for more information)

Bug fix:

Fixed: access violation in Client Script analyzer engine

Build v7.0.20110124- 24th January 2011

New features:

New type of XSS test introduced (parameter was set to javascript:...)

Bug fixes:

Fixed: Scanner crash when scanning https sites with client certificates.
Fixed: A number of particular checks were not performed when scanning from crawl results.
Fixed: Login Sequence Recorder: different user agent string was sent with XHR.
Fixed: Reports were not sent as attachments when scanning a list of URLs from the Scheduler.
Fixed: Fixed incorrect error message popup in scheduler "there is already a queue starting a that time when the queues were of different type"
Fixed: Crawler MaximumVariationCount was being ignored in the scanner settings.
Fixed: eval() security check moved from scanner to crawler.
Fixed: Aborting of analysis while executing events in CSA engine not always working.
Fixed: CSA engine "Worker already executing" exception.
Fixed: In XML or AVDL export CDATA content is no longer encoded.

Build v7.0.20101216- 20th December 2010

New features:

DOM XSS will now report the filename in which the attack was executed
DOM XSS checks on document.open, window.open, window.navigate and more

Bug fixes:

Fixed: Aborting analysis while executing events not always worked in CSA
Fixed: CSA engine crashing with "worker already executing" exception
Fixed: Crawler was not considering maximum number of variations in case of links from comments
Fixed: In some cases during a WSDL service scan, port address query params where not properly used
Fixed: False positive for ASP.NET padding oracle test
Bugfix: HTML parser; Fixed regex for extracting URLs from HTML comments

Build v7.0.20101206- 6th December 2010

New feature:

Acunetix WVS automatically checks for DOM XSS vulnerabilities

Bug fixes:

Fixed: Get First URL Only option not working correctly because it was still importing links from CSA engine
Fixed: "User credentials sent in clear text" was not being reported by crawler in certain circumstances
Fixed: Port was being specified in host header even if default ports were being used.

Build v7.0.20101123- 23th November 2010

Improvements:

More updates to the Client Script Analyser (CSA) engine for better Web 2.0 support

Bug fixes:

Fix: Added port in host header for https in manual browsing
Fixed: Crawler not serving pages to Client Script Analyzer engine on request if pages were already queued
Fixed: Compare results frame crashed if nodes are expanding while still comparing
Fixed: CanonicalizeLink was incorrectly interpreted ".." style links

Build v7.0.20101115- 15th November 2010

New features:

Ability to stop individual running security scripts during a scan

Major Improvements:

Introduced a good number of CSA engine improvements; better support of JQuery and Web 2.0 applications
Introduced a number of new XSS security checks

Bug fixes:

Fixed: Memory leak in NTLM authentication
Fixed: Incorrect interpratation of links with leading "//"
Fixed: Access violation crashes in HTTP Sniffer for certain SSL websites

Build v7.0.20101028- 28th October 2010

Bug fixes:

Fixed: Replay of recorded login sequences was not working properly in the free version
Fixed: NTML authentication was not working properly when using specific type of credentials
Fixed: Crash in Login Sequence Recorder while detecting invalid session on some particular websites
Bugfix: Fixed XSS tests to automatically follow redirects
Bugfix: Fixed script error in ASP.NET padding oracle test

Build v7.0.20101012 - 12th October 2010

Bug fixes:

Fixed: Client Script Analyser engine was blocking if insertAdjacentHTML used on an element without parent
Fixed: "Accept" header was not sent by the advanced penetration testing tools

Build v7.0.20100921 - 22nd September 2010

New Security Check:

Added a security check for the latest OpenX OFC file upload vulnerability
Added a ASP.NET security check for the ASP.NET padding Oracle vulnerability

Improvements:

Reduced the number of false positives for Blind SQL injections security checks
Improved Blind SQL injection tests by adding a number of new tests to detect blind SQL injections in UPDATE/INSERT/...

Bug fixes:

Fixed: Cookie encoding didn't worked as expected in some cases
Fixed: Cookie were not always imported from AcuSensor data

Build v7.0.20100902 - 2nd September 2010

New Features:

Added the option to mark a whole group or node alerts as false positive via right click

Bug fixes:

Problems with proxy authentication didn't allow proxy users to run scans
Mark Alert as false positive was not working properly in some cases

Build v7.0.20100901 - 1st September 2010 - NEW VERSION

New Features:

New scanning engine - faster and reports more vulnerabilities
New vulnerability verifying techniques to reduce false positives
New site crawler - ability to crawl a wider range of websites and find more parameters
Scriptable Vulnerabilities - now vulnerability checks are written in JavaScript
Ability to analyse website presentation layer to better understand website parameters' functions
Graphical Scan status interface presents you with more scan information
Re-scan single vulnerability to avoid launching repetitive scans to verify fixes
Support for HTTP Keep-alive
DNS Caching to reduce multiple DNS requests
Ability to control delay between requests
HTTP authentication settings node - support for granular specifications of HTTP credentials
Support for digest HTTP authentication mechanism
AcuSensor Technology test button to quickly verify installation of remote AcuSensor agent
Different variants of the same vulnerability are consolidated under one alert node
Ability to specify label or tag instead of actual website parameter name in Input Fields node
Option to automatically randomize input for parameters specific in Input Fields node

New security checks:

Test for SQL Injection in URI
Stored SQL injection
Stored file inclusion
Stored directory traversal
Stored code execution
Stored file tampering
A whole new set of more advanced WebDav auditing checks
Automated form based authentication auditing checks (e.g. check if credentials can be brute forced)

Major Improvements:

Consumes less bandwidth
Improved network traffic handling
HTTP authentication is now shared between all penetration testing tools
Improved HTTP Snifffer / Manual crawling process
Improved support for Web 2.0 requests and responses e.g. JSON, XML etc
Support for a wider variety of content-types
Improved Web 2.0 session management support
Imrpoved XSS (Cross-site scripting) security checks and detection rate
Added a number of new and improved existing web server security auditing techniques
Improved file upload security checks
Improved DNS auditing scripts

Build v6.5.20100616 - 16th June 2010

Change:

All vulnerabiliy checks which used http://*.acunetix.com test websites, now are using to http://*.vulnweb.com

Build v6.5.20100601 - 19th April 2010

New Feature:

Added OWASP top 10 2010 report template

Bug Fix:

Fixed: Proxy crashes when processing some specific SSL traffic

Build v6.5.20100419 - 19th April 2010

Bug Fix:

Fixed: Access violation when the application exits

Build v6.5.20100407 - 7th April 2010

Bug Fixes:

Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence
Fixed: Login Sequence Recorder was not using the configured User Agent string
Fixed: HTTP Sniffer was not handling some specific web authentication properly

Build v6.5.20100303 - 3rd March 2010

New feature:

Added a new option to export results to HTTP Fuzzer

New Security Checks:

Test for XML External Entity Injection
Test for XML Injection

Improvements:

Improved directory traversal vulnerability check
Improved Cross-site Scripting (XSS) vulnerability checks

Bug Fixes:

Fixed: access violation when the application exists
Fixed: access violation when protocol was terminated in NotifyCaller function in LSR
Fixed: AbortVulnXML OnFirstAlert was not imported from settings
Fixed: Form values were not encoded correctly when submitted from JavaScript (CSA engine)

Build v6.5.20100210 - 10th February 2010

New security check:

Test for Cross Site Scripting in the Referrer header

Improvement:

Acunetix Firefox extension now supports latest Firefox release

Bug Fixes:

Crawler: Html decode form inputs before usage
Fixed an infinite recursion when crawler reported an external link from the same host but on a different port
Fixed an issue with the crawler with parsing robots.txt file
Web Services scanner: Fixed parsing of WSDL files with attributes

Build v6.5.20100203 - 3rd February 2010

New security checks:

8.3 DOS filename source code disclosure
Apache Tomcat Directory Host Appbase authentication bypass vulnerability
Apache Tomcat WAR File directory traversal vulnerability
Apache stronghold-info enabled
Apache stronghold-status enabled
ColdFusion 9 Solr Service exposed
Error page path disclosure
Error page web server version disclosure
File inclusion RFI list
Checks for multiple vulnerabilities in XAMPP
Server-Side Includes (SSI) injection on Unix
Server-Side Includes (SSI) injection on Windows
ASP.NET error messages when requesting URL like |.aspx

Improvements:

Added more variants to FCKeditor arbitrary file upload
Updated cross site scripting in path security checks
Updated directory listing security checks
Updated directory traversal on Unix security checks
Updated file upload security checks
Updated LDAP injection security checks
Updated possible sensitive files security checks
Updated XPath injection security checks

Bug Fixes:

Workaround for window.open used with NULL parameter
Notify elements that they are unbidden
Notify form if an input was removed
Include select element values in submitted data
Fixed: HttpProt was sending content length with CONNECT
Fixed: Crawler didn't consider post data for links from CSA engine; some where ignored
Fixed: Login sequence recorder was sending requests synchronously

Build v6.5.20100111 - 11th January 2010

New security checks:

Test for File Upload IIS bug filename.asp;.jpg
Test for WP-Forum 2.3 vulnerabilities
JBoss rmi ping (network script)

Bug Fixes:

Bugfix: Modified forms notifications from CSA
Bugfix: CSA: Workaround for window.open with null parameters
Fixed: In some specific scenarios the scheduler queue was restarting on its own
Fixed: Node was not expanding automatically when manually adding a new logout link in the LSR

Build v6.5.20091215 - 15th December 2009

New security checks:

JBoss BSHDeployer MBean
JBoss checks from RedTeam's paper
JBoss HttpAdaptor JMXInvokerServlet
JBoss Server MBean
JBoss ServerInfo MBean
JBoss Web Console JMX Invoker
phpShop v0.8.1 Multiple Vulnerabilities
Invision Power Board <= v3.0.4 Local PHP File Inclusion and SQL Injection

Improvements:

Improved Blind SQL injection tests to reduce false positives
Added better JBoss server detection
Better detection for Postgre SQL injections

Bug Fixes:

Fixed: GUI crashes when specific settings are changed in the Port Scanner node
Fixed: Login Sequence recorder was retaining post data when redirecting to the same page

Build v6.5.20091130 - 30th November 2009

Bug Fixes:

Fixed: crash in TM_MultiRequest_Parameter_Manipulation module
Fixed: bug in crawler related with GetVar encoding

Build v6.5.20091124 - 24th November 2009

New:

New security checks of AcuSensor Technology
- curl_exec() url is controlled by user
- PHP preg_replace used on user input
- PHP super-globals-overwrite
- PHP unseriazlie used on user input
Other new security checks of Acunetix WVS
- osCommerce authentication bypass
- Apache Tomcat insecure default administrative password
- Apache Tomcat directory traversal
- Checks for PHP invalid data type error messages
- Check for possible remote SWF inclusion
- Added further checks for possible sensitive files; general tests per server
- Added further checks for possible sensitive directories; general tests per server
- Added a new security check for SQL injection in the authentication header (basic authentication, base64 encoded)
- Added AlertIfTextNotFound group parameter to invert search and issue an alert if a specified text is not found

Improvements:

Renamed Weak password module to Authentication module since now it includes much more authentication security checks
Improved Cross-site scripting in URI checks to include Ruby on rails security checks
Improved Application errors security checks
Introduced 3 new setting parameters for the crawler in Settings.XML file:
- <MaxFirstPossibleValue>262144</MaxFirstPossibleValue>
- <MaxOtherPossibleValues>256</MaxOtherPossibleValues>
- <MaxNumberOfPossibleValues>1000</MaxNumberOfPossibleValues>

Bug Fixes:

Fixed: false positives issued in weak password alert
Fixed: WSDL importer crash when importing recursive complex elements
Fixed: Crawler proxy request handling changed to decode the input name/value
Fixed Vulnerability Editor to show group parameters with default values if no VulnXML template is used
Changed HTTP_Anomalies to log PHP errors and save the results in a file (instead of alerts)Changed HTTP_Anomalies to log PHP errors and save the results in a file instead of alerts
Hidden VulnXML properties for alerts that are not using vulnxml default template in Vulnerability Editor
Adjusted VulnXML to reduce the number of false positives for Blind SQL injection timing tests
Updated CSA engine; delete the BOM characters from script sources
Updated URL_Helper; UrlEncode/Decode modified not to use str := str + ch and to validate hex characters after %
Updated File_Inputs; possible values are limited in size now

Build v6.5.20091027 -27th October 2009

Bug Fixes:

Fixed: Redirect on LoginSequenceStep was not followed correctly
Fix in URL Rewrite module to remove GetVars before matching rules

Build v6.5.20091012 -12th October 2009

Bug Fixes:

Fixed: Memory leak when invoking state change handler
Fixed: Item index for an item which has just been inserted fails in the Browserframe
Fixed: Error in indexing the get variables when redirecting in Session management

Build v6.5.20091005 - 5th October 2009

New:

Added a new check for SVN repositories

Improvements:

Improved MultiRequest paramenter manipulation; now using the form matcher to match parameter values
Improved SQL injection tests
Improved Application error tests

Bug Fixes:

Fixed: Links from HTML comments and other sources that are not trusted where not checked if they are from the same host as the base
Fixed: Login sequence not working properly with HTTP authentication
Fixed: MessageDlg was used in inittempfiles in console mode
Fixed: WinInet bug to resent the request if the server accepts client certificates
Fixed: Redirect from index.php to index.php was not working

Build v6.5.20090917 - 17th September 2009

New:

Added two new blind SQL injection tests
Added a new scanning profile for stored XSS only
Added HTTP verb tempering using POST method check

Improvements:

Improved appearance for compliance report by adding visual markets and several other presentation enhancements

Bug Fixes:

Fixed temporary files access issue
Fixed issue where HTTP Proxy was dublicating the connection: keep-alive header
Fixed issue where HTTP Proxy was putting the authorization header from fake basic authentication into server request
Fixed a problem where credentials configured through command line where not working properly in particular situations

Build v6.5.20090813 - 13th August 2009

Improvements:

HTML forms settings node was renamed to Input Fields. This node now can also be used to pre-define web services operations values.
New SQL Injection tests added
New XSS tests (unicode) added

Build v6.5.20090728 - 28th July 2009

New Features:

Manual Intervention module: better support for CAPTCHA and modern authentication mechanisms

Improvements:

Added new variants of blind SQL injection tests (now testing both AND and OR boolean operators)
Added new tests for SQL Injection with charset GBK/Big5
Added new variants for Cross site scripting

Bug Fixes:

Fixed several issues with CSA (Client Script Analyzer) engine.

Build v6.5.20090622 - 22nd June 2009

Improvements:

Better cookies handling in several modules
Implemented exception handler in Login Sequence Recorder

Bug Fixes:

Handled issue when non-responsive hosts triggered download dialog

Build v6.5.20090618 - 18th June 2009

New Features:

Implemented Blind SQL Injection (timing) for web services scanner
Implemented HTTP authentication for web services scanner

Bug Fixes:

Fixed problem related to File Inclusion in AcuSensor Technology
Fixed a problem in ssl_ping network script

Build v6.5.20090519 - 20th May 2009 - NEW VERSION

New Features:

File upload forms vulnerability checks
New Login Sequence Recorder; supports much more authentication forms and web technologies
Session Auto Recognition module; if the session is invalidated or logged out during crawling, the scanner will automatically replay the login sequence without the need of manual intervention
Actions drop down menu; for each selected node, the actions drop down menu is activated showing all possible functions
Much more checks and alerts for JSP, Java and Tomcat web server

Major Improvements:

Improved cookie management and session handling to support modern dynamic websites
Port scanner and Network Alerts results will appear in a separate node in the results tree
Users can import Version 6 settings to Version 6.5
Added blind SQL injection timing test using MySQL's sleep and MS SQL's waitfor function. This will help in discovering particular blind SQL injections that do not report a change on the page

Build v6.1.20090211 - 11th February 2009

General improvements:

CSA engine now supposrts jQuery and Yahoo! UI JavaScripts libraries
Added component in scanner to search for links in HTML comments and Flash (SWF) strings
Created an ASL.1 parser which can parse X509 Certificates
Improved Crawler; improved Wivet coverage to 94%
Added more JBoss configuration tests
Added more Tomcat tests
Added more web server configuration checks for server path, internal IP and username/password disclosure
Improved RSS/Atom parses
Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix

Bug Fixes:

Reporter now filters very long knowledge base items
Fixed SSL3, TLS1 parsing issues
Fix in Crawler to handle better query variable in start URL's

Build v6.0.20081209 - 9th December 2008

General improvements:

Optimized large portions of the code to improve speed
Optimized Progress text for scripts and port scan
Show progress on ScanInfo frame

Bug Fixes:

Module tm_backup_files - can make tests like {filename}{test}{extension} (e.g. file1.php from file.php)
Crawler was not sending the custom cookies for the first request reporter crash on settings read (only try/except)
Fixed crash in "import scan results to database" when the scan was running
SSL certificate validity year fix
Fixed a bug in parameter manipulation. Crashing when Combination was nil (no values)
Error in interpreting redirections of type "?getvar=value"
Fixed jsessionid session fixation test
Fixed Activation in v6 for Vista.
Fixed a problem with Authentication Tester (the app was not recovering when an invalid protocol was specified as target) - Reported by Harutyun Sardaryan
Fixed a crash in HTTP Fuzzer - Reported by Harutyun Sardaryan
Fix in Blind SQL Injector: On UNION SELECT based string extraction when httpencoding is applied the last char was eaten

Build v6.0.20081028 - 28th October 2008 - NEW VERSION

New tools / Applications:

AcuSensor Technology
Port Scanner and Network Alerts tool
Blind SQL Injector Tool

General improvements:

Pause and Resume scan functionality
Option to mark an alert as false positive
Support for NTLM v2
Scanner can now gather a list of uncommon HTTP responses
Scanner can automatically stop if a number of network errors occure or web server does not respond.

User Interface improvements:

Compare results tool now compares also Knowledge Base items and list of open web server ports
Possibility to quickly locate a vulnerability by using a filter while before only search was allowed
In Scanning profiles and Vulnerability Edior vulnerabilities are automatically sorted by name
In HTTP Fuzzer results can be sorted by clicking on header columns and changes in Fuzzer filters are automatically reflected in results window

Scheduler improvements:

All scanning options are now available in scheduler
Option to configure the day of the week or month for a scheduled scan
Option to configure scan exclusion hours, i.e. when an ongoing scan should be paused and resumed

Build v5.1.70829 - 4th September 2007

Huge improvement in memory handling! - Memory handling is now done in a much more efficient way and temporary data is now stored by default onto the hard drive freeing up a LOT of system memory especially when dealing with large websites.
Introduced pre-conditions to various vulnerability tests - this will check if vulns can actually exist in a certain environment before starting to test for then - thus avoiding checking for vulnerabilities in vain and at the same time speeding up the scanning time.
Summary view for alert nodes - avoids long delays in displaying all alerts under a node
Added "Current Test" information to the scan information view
Improvements in HTTP Fuzzer
Fixed Javascript issue with parsing certain websites
Fixed validation when saving login sequence file
Fixed crash with error "sitefile parts already loaded"
Fixed Web Services Scan Wizard detection of Inputs for particular WSDL URLs
Fixed Web Services Scaner crash when clicking on some elements of the tree structure

Build v5.0.70621 - 25th June 2007

Tweak in Heuristic scanning mode for improved memory management
Enabled by default save crawling data to disk
Added Day and Month to timestamps in Activity Window
Small text changes in crawler settings
Elevation of privileges OS vulnerability fix

Build v5.0.70604 - 11th June 2007 - NEW VERSION

New Tools / Applications:

Subdomain Scanner
Web Services Scanner
Web Services Editor
Reporter Application

General Improvements:

Microsoft WindowsVista Support
Visual Interface Improvements with new graphics and buttons
Source View in various parts of the product
Password protection for all Acunetix Tools and applications
Upgrading from Previous Versions/Builds keeps all Settings and Configurations

Reporting Improvements:

New Reporter Application
Detailed Scans View from the Database
Standard Report Templates: Developer, Executive, Vulnerability
Scan Comparison Templates
Statistical Templates: Yearly, Monthly, etc..
Compliance Reports Templates: PCI, Sarbanes-Oxley, HIPAA, etc..

Crawler Improvements:

Manual Choice of Files from the Site Structure
Directory Recursion (loop) Detection
URL Rewrite Detection and Warning to User
Improved Filtering (replacing the old search functionality)

Scanner Improvements:

New Scanning Mode Option: Quick, Heuristic and Full
Multi-Step Scanning
Stored XSS Tests
Header Manipulation
Improved Blind SQL Injection Tests
Improved Mod_Rewrite Support
Improved Filtering (replacing the old search functionality)
Grouping of Test Variants
Sitemaps Support
Added New Vulnerability Tests

Scheduler Improvements:

Support for Web Services Scheduled Scans
New options for Source and Output of Scans
Mail Notifications

Command Line Improvements:

New options added to support more functions like the full application
Web Services Scans
Mail Notifications

Database Improvements:

Significantly Reduced DB Size by 90% while keeping the same details and more!
New Database Structure (conversion tool available to upgrade from v4 structure)

Acunetix WVS Build History

Acunetix Web Application Security Blog

Latest Article

Latest Whitepaper

Testimonials