Acunetix WVS Build History
BETA Build v8.0.20111115 - 16th November 2011
New Features:
- Manipulation of inputs from URLs
- Automatic IIS 7 rewrite rule interpretation
- Support for custom HTTP headers
- Imperva Web Application Firewall integration
- New vulnerability detection class: HTTP Parameter Pollution
- Multiple instance support
- Redesigned Scheduler
- Automatic custom 404 error page recognition and detection
- Scan settings templates
- Simplified Scan Wizard
- Smart memory management
- Real-time Crawler status
- Scan termination status included in report
- Web application coverage report
- Configuration of log file retention
Improvements:
- All security checks have been optimized to further reduce detection of false positives
- Detection of new security variants for existing vulnerabilities
Build v7.0.20111005 - 5th October 2011
New Features:
- The Client Script Analyzer engine now supports jQuery, jQuery UI, and YUI Library
- New URL Rewrite option: Match full URI. When enabled, a URL rewrite rule can be matched against the whole URI and not just the path
Improvements:
- Major AcuSensor improvements for PHP
- Inclusion of more variables discovered by AcuSensor during a scan
Bug Fixes:
- Login Sequence Recorder uses the specified Proxy settings correctly
Build v7.0.20110920 - 20th September 2011
New Security Check:
- Security check for Apache httpd remote denial of service
Improvements:
- Firefox plugin now supports Firefox v.6
- Inclusion of more variables discovered by AcuSensor during a scan
Bug Fixes:
- Fixed HTTP verb tampering security checks with further reduction of false positives
- Paths edited in HTTP Authentication settings node are being saved correctly
- Actions menu is appearing correctly in the Small Business Edition
Build v7.0.20110823 - 23rd August 2011
New Security Checks:
- Complex security check for Timthumb (detects WordPress installations and checks for vulnerable plugins and themes)
- Includes bruteforcing capabilities to look for plugins/themes that contain the Timthumb script
- Security check for Sun/Oracle GlassFish Server Authentication Bypass (same check includes some additional checks for GlassFish)
Updates:
- Updated Firefox plugin to support Firefox 5
Bug Fix:
- Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values.
Build v7.0.20110711 - 17th July 2011
New Feature:
- Included IMAGE tag with source in crawler for more detailed crawling data.
Improvements:
- Improved Cross-site scripting checks.
- Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.
Bug Fixes:
- Fixed crash in Login Sequence Recorder when accessing specific sites with frames.
- Fixed Access Violation in fuzzer if XML filetype is selected and set an invalid filename.
- Fixed issue when authenticating against websites using Digest and NTLM.
- Fixed a file browser crash if visualizing file during scanning.
- Fixed a crash when loading saved scans from specific websites.
- Corrected interpretation of HTML encoding in Crawler.
- Fixed Access Violation in Fuzzer
Build v7.0.20110518 - 18th May 2011
Bug Fixes:
- Fixed an issue where the AcuSensor Technology files were updated incorrectly.
- Fixed Access Violation when scan is stopped.
- Fixed incorrect user interface behaviour.
Build v7.0.20110406 - 6th April 2011
New feature:
- AcuSensor details are now exported in the report as well.
Bug Fixes:
- Fixed a bug in cross domain check script.
- Fixed 2 crashes in the scanner software.
- Fixed a bug in DOM XSS security check.
Build v7.0.20110308 - 8th March 2011
New features:
- Acunetix WVS will parse SVN repositories file structure and crawl it automatically
New security checks:
- ClientAccessPolicy.xml and CrossDomain.xml security checks
- Git repository security checks
- Check if htaccess file is readable
- Nginx PHP Code Execution via FastCGI
- Nginx buffer underflow vulnerability
- Nginx PHP FastCGI Code Execution File Upload.
Improvement:
- Improved Cross-site scripting checks.
Bug fixes:
- Maximum directory depth value was not working properly
- HTTP limitations were not respected from scripts
- When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain
- Proper handling of situations when a file redirects to itself from http to https.
Build v7.0.20110209 - 9th February 2011
New features:
- PCI 2.0 compliance report template
- CWE/SANS top 25 compliance report template
Improvement:
- Input fields now support wildcards and priorities (read the section Traversing Web Form Pages in the Acunetix WVS user manual for more information)
Bug fix:
- Fixed: access violation in Client Script analyzer engine
Build v7.0.20110124 - 24th January 2011
New features:
- New type of XSS test introduced (parameter was set to javascript:...)
Bug fixes:
- Fixed: Scanner crash when scanning https sites with client certificates.
- Fixed: A number of particular checks were not performed when scanning from crawl results.
- Fixed: Login Sequence Recorder: different user agent string was sent with XHR.
- Fixed: Reports were not sent as attachments when scanning a list of URLs from the Scheduler.
- Fixed: Incorrect error message popup in scheduler ("there is already a queue starting a that time") when the queues were of different type
- Fixed: Crawler MaximumVariationCount was being ignored in the scanner settings.
- Fixed: eval() security check moved from scanner to crawler.
- Fixed: Aborting of analysis while executing events in CSA engine not always working.
- Fixed: CSA engine "Worker already executing" exception.
- Fixed: In XML or AVDL export CDATA content is no longer encoded.
Build v7.0.20101216 - 20th December 2010
New features:
- DOM XSS will now report the filename in which the attack was executed
- DOM XSS checks on document.open, window.open, window.navigate and more
Bug fixes:
- Fixed: Aborting analysis while executing events not always worked in CSA
- Fixed: CSA engine crashing with "worker already executing" exception
- Fixed: Crawler was not considering maximum number of variations in case of links from comments
- Fixed: In some cases during a WSDL service scan, port address query params were not properly used
- Fixed: False positive for ASP.NET padding oracle test
- Bugfix: HTML parser; Fixed regex for extracting URLs from HTML comments
Build v7.0.20101206 - 6th December 2010
New feature:
- Acunetix WVS automatically checks for DOM XSS vulnerabilities
Bug fixes:
- Fixed: Get First URL Only option not working correctly because it was still importing links from CSA engine
- Fixed: "User credentials sent in clear text" was not being reported by crawler in certain circumstances
- Fixed: Port was being specified in host header even if default ports were being used.
Build v7.0.20101123 - 23rd November 2010
Improvements:
- More updates to the Client Script Analyser (CSA) engine for better Web 2.0 support
Bug fixes:
- Fix: Added port in host header for https in manual browsing
- Fixed: Crawler not serving pages to Client Script Analyzer engine on request if pages were already queued
- Fixed: Compare results frame crashed if nodes are expanding while still comparing
- Fixed: CanonicalizeLink was incorrectly interpreting ".." style links
Build v7.0.20101115 - 15th November 2010
New features:
- Ability to stop individual running security scripts during a scan
Major Improvements:
- Introduced a good number of CSA engine improvements; better support of jQuery and Web 2.0 applications
- Introduced a number of new XSS security checks
Bug fixes:
- Fixed: Memory leak in NTLM authentication
- Fixed: Incorrect interpretation of links with leading "//"
- Fixed: Access violation crashes in HTTP Sniffer for certain SSL websites
Build v7.0.20101028 - 28th October 2010
Bug fixes:
- Fixed: Replay of recorded login sequences was not working properly in the free version
- Fixed: NTLM authentication was not working properly when using specific type of credentials
- Fixed: Crash in Login Sequence Recorder while detecting invalid session on some particular websites
- Bugfix: Fixed XSS tests to automatically follow redirects
- Bugfix: Fixed script error in ASP.NET padding oracle test
Build v7.0.20101012 - 12th October 2010
Bug fixes:
- Fixed: Client Script Analyser engine was blocking if insertAdjacentHTML used on an element without parent
- Fixed: "Accept" header was not sent by the advanced penetration testing tools
Build v7.0.20100921 - 22nd September 2010
New Security Check:
- Added a security check for the latest OpenX OFC file upload vulnerability
- Added an ASP.NET security check for the ASP.NET padding oracle vulnerability
Improvements:
- Reduced the number of false positives for Blind SQL injections security checks
- Improved Blind SQL injection tests by adding a number of new tests to detect blind SQL injections in UPDATE/INSERT/...
Bug fixes:
- Fixed: Cookie encoding didn't work as expected in some cases
- Fixed: Cookies were not always imported from AcuSensor data
Build v7.0.20100902 - 2nd September 2010
New Features:
- Added the option to mark a whole group or node of alerts as false positive via right click
Bug fixes:
- Problems with proxy authentication didn't allow proxy users to run scans
- Mark Alert as false positive was not working properly in some cases
Build v7.0.20100901 - 1st September 2010 - NEW VERSION
New Features:
- New scanning engine - faster and reports more vulnerabilities
- New vulnerability verifying techniques to reduce false positives
- New site crawler - ability to crawl a wider range of websites and find more parameters
- Scriptable Vulnerabilities - now vulnerability checks are written in JavaScript
- Ability to analyse website presentation layer to better understand website parameters' functions
- Graphical Scan status interface presents you with more scan information
- Re-scan single vulnerability to avoid launching repetitive scans to verify fixes
- Support for HTTP Keep-alive
- DNS Caching to reduce multiple DNS requests
- Ability to control delay between requests
- HTTP authentication settings node - support for granular specifications of HTTP credentials
- Support for digest HTTP authentication mechanism
- AcuSensor Technology test button to quickly verify installation of remote AcuSensor agent
- Different variants of the same vulnerability are consolidated under one alert node
- Ability to specify label or tag instead of actual website parameter name in Input Fields node
- Option to automatically randomize input for parameters specific in Input Fields node
New security checks:
- Test for SQL Injection in URI
- Stored SQL injection
- Stored file inclusion
- Stored directory traversal
- Stored code execution
- Stored file tampering
- A whole new set of more advanced WebDav auditing checks
- Automated form based authentication auditing checks (e.g. check if credentials can be brute forced)
Major Improvements:
- Consumes less bandwidth
- Improved network traffic handling
- HTTP authentication is now shared between all penetration testing tools
- Improved HTTP Sniffer / Manual crawling process
- Improved support for Web 2.0 requests and responses e.g. JSON, XML etc
- Support for a wider variety of content-types
- Improved Web 2.0 session management support
- Improved XSS (Cross-site scripting) security checks and detection rate
- Added a number of new and improved existing web server security auditing techniques
- Improved file upload security checks
- Improved DNS auditing scripts
Build v6.5.20100616 - 16th June 2010
Change:
- All vulnerability checks which used http://*.acunetix.com test websites now use http://*.vulnweb.com
Build v6.5.20100601 - 19th April 2010
New Feature:
- Added OWASP top 10 2010 report template
Bug Fix:
- Fixed: Proxy crashes when processing some specific SSL traffic
Build v6.5.20100419 - 19th April 2010
Bug Fix:
- Fixed: Access violation when the application exits
Build v6.5.20100407 - 7th April 2010
Bug Fixes:
- Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence
- Fixed: Login Sequence Recorder was not using the configured User Agent string
- Fixed: HTTP Sniffer was not handling some specific web authentication properly
Build v6.5.20100303 - 3rd March 2010
New feature:
- Added a new option to export results to HTTP Fuzzer
New Security Checks:
- Test for XML External Entity Injection
- Test for XML Injection
Improvements:
- Improved directory traversal vulnerability check
- Improved Cross-site Scripting (XSS) vulnerability checks
Bug Fixes:
- Fixed: access violation when the application exits
- Fixed: access violation when protocol was terminated in NotifyCaller function in LSR
- Fixed: AbortVulnXML OnFirstAlert was not imported from settings
- Fixed: Form values were not encoded correctly when submitted from JavaScript (CSA engine)
Build v6.5.20100210 - 10th February 2010
New security check:
- Test for Cross Site Scripting in the Referrer header
Improvement:
- Acunetix Firefox extension now supports latest Firefox release
Bug Fixes:
- Crawler: Html decode form inputs before usage
- Fixed an infinite recursion when crawler reported an external link from the same host but on a different port
- Fixed an issue with the crawler with parsing robots.txt file
- Web Services scanner: Fixed parsing of WSDL files with attributes
Build v6.5.20100203 - 3rd February 2010
New security checks:
- 8.3 DOS filename source code disclosure
- Apache Tomcat Directory Host Appbase authentication bypass vulnerability
- Apache Tomcat WAR File directory traversal vulnerability
- Apache stronghold-info enabled
- Apache stronghold-status enabled
- ColdFusion 9 Solr Service exposed
- Error page path disclosure
- Error page web server version disclosure
- File inclusion RFI list
- Checks for multiple vulnerabilities in XAMPP
- Server-Side Includes (SSI) injection on Unix
- Server-Side Includes (SSI) injection on Windows
- ASP.NET error messages when requesting URL like |.aspx
Improvements:
- Added more variants to FCKeditor arbitrary file upload
- Updated cross site scripting in path security checks
- Updated directory listing security checks
- Updated directory traversal on Unix security checks
- Updated file upload security checks
- Updated LDAP injection security checks
- Updated possible sensitive files security checks
- Updated XPath injection security checks
Bug Fixes:
- Workaround for window.open used with NULL parameter
- Notify elements that they are unbidden
- Notify form if an input was removed
- Include select element values in submitted data
- Fixed: HttpProt was sending content length with CONNECT
- Fixed: Crawler didn't consider post data for links from CSA engine; some were ignored
- Fixed: Login sequence recorder was sending requests synchronously
Build v6.5.20100111 - 11th January 2010
New security checks:
- Test for File Upload IIS bug filename.asp;.jpg
- Test for WP-Forum 2.3 vulnerabilities
- JBoss rmi ping (network script)
Bug Fixes:
- Bugfix: Modified forms notifications from CSA
- Bugfix: CSA: Workaround for window.open with null parameters
- Fixed: In some specific scenarios the scheduler queue was restarting on its own
- Fixed: Node was not expanding automatically when manually adding a new logout link in the LSR
Build v6.5.20091215 - 15th December 2009
New security checks:
- JBoss BSHDeployer MBean
- JBoss checks from RedTeam's paper
- JBoss HttpAdaptor JMXInvokerServlet
- JBoss Server MBean
- JBoss ServerInfo MBean
- JBoss Web Console JMX Invoker
- phpShop v0.8.1 Multiple Vulnerabilities
- Invision Power Board <= v3.0.4 Local PHP File Inclusion and SQL Injection
Improvements:
- Improved Blind SQL injection tests to reduce false positives
- Added better JBoss server detection
- Better detection for PostgreSQL injections
Bug Fixes:
- Fixed: GUI crashes when specific settings are changed in the Port Scanner node
- Fixed: Login Sequence recorder was retaining post data when redirecting to the same page
Build v6.5.20091130 - 30th November 2009
Bug Fixes:
- Fixed: crash in TM_MultiRequest_Parameter_Manipulation module
- Fixed: bug in crawler related with GetVar encoding
Build v6.5.20091124 - 24th November 2009
New:
- New security checks of AcuSensor Technology:
  - curl_exec() url is controlled by user
  - PHP preg_replace used on user input
  - PHP super-globals-overwrite
  - PHP unserialize used on user input
- Other new security checks of Acunetix WVS:
  - osCommerce authentication bypass
  - Apache Tomcat insecure default administrative password
  - Apache Tomcat directory traversal
  - Checks for PHP invalid data type error messages
  - Check for possible remote SWF inclusion
- Added further checks for possible sensitive files; general tests per server
- Added further checks for possible sensitive directories; general tests per server
- Added a new security check for SQL injection in the authentication header (basic authentication, base64 encoded)
- Added AlertIfTextNotFound group parameter to invert search and issue an alert if a specified text is not found
Improvements:
- Renamed Weak password module to Authentication module since it now includes many more authentication security checks
- Improved Cross-site scripting in URI checks to include Ruby on rails security checks
- Improved Application errors security checks
- Introduced 3 new setting parameters for the crawler in Settings.XML file:
  - <MaxFirstPossibleValue>262144</MaxFirstPossibleValue>
  - <MaxOtherPossibleValues>256</MaxOtherPossibleValues>
  - <MaxNumberOfPossibleValues>1000</MaxNumberOfPossibleValues>
Bug Fixes:
- Fixed: false positives issued in weak password alert
- Fixed: WSDL importer crash when importing recursive complex elements
- Fixed: Crawler proxy request handling changed to decode the input name/value
- Fixed Vulnerability Editor to show group parameters with default values if no VulnXML template is used
- Changed HTTP_Anomalies to log PHP errors and save the results in a file (instead of alerts)
- Hidden VulnXML properties for alerts that are not using vulnxml default template in Vulnerability Editor
- Adjusted VulnXML to reduce the number of false positives for Blind SQL injection timing tests
- Updated CSA engine; delete the BOM characters from script sources
- Updated URL_Helper; UrlEncode/Decode modified not to use str := str + ch and to validate hex characters after %
- Updated File_Inputs; possible values are limited in size now
Build v6.5.20091027 - 27th October 2009
Bug Fixes:
- Fixed: Redirect on LoginSequenceStep was not followed correctly
- Fix in URL Rewrite module to remove GetVars before matching rules
Build v6.5.20091012 - 12th October 2009
Bug Fixes:
- Fixed: Memory leak when invoking state change handler
- Fixed: Item index for an item which has just been inserted fails in the Browserframe
- Fixed: Error in indexing the get variables when redirecting in Session management
Build v6.5.20091005 - 5th October 2009
New:
- Added a new check for SVN repositories
Improvements:
- Improved MultiRequest parameter manipulation; now using the form matcher to match parameter values
- Improved SQL injection tests
- Improved Application error tests
Bug Fixes:
- Fixed: Links from HTML comments and other sources that are not trusted were not checked if they are from the same host as the base
- Fixed: Login sequence not working properly with HTTP authentication
- Fixed: MessageDlg was used in inittempfiles in console mode
- Fixed: WinInet bug to resend the request if the server accepts client certificates
- Fixed: Redirect from index.php to index.php was not working
Build v6.5.20090917 - 17th September 2009
New:
- Added two new blind SQL injection tests
- Added a new scanning profile for stored XSS only
- Added HTTP verb tampering using POST method check
Improvements:
- Improved appearance for compliance report by adding visual markers and several other presentation enhancements
Bug Fixes:
- Fixed temporary files access issue
- Fixed issue where HTTP Proxy was duplicating the connection: keep-alive header
- Fixed issue where HTTP Proxy was putting the authorization header from fake basic authentication into server request
- Fixed a problem where credentials configured through command line were not working properly in particular situations
Build v6.5.20090813 - 13th August 2009
Improvements:
- HTML forms settings node was renamed to Input Fields. This node now can also be used to pre-define web services operations values.
- New SQL Injection tests added
- New XSS tests (unicode) added
Build v6.5.20090728 - 28th July 2009
New Features:
- Manual Intervention module: better support for CAPTCHA and modern authentication mechanisms
Improvements:
- Added new variants of blind SQL injection tests (now testing both AND and OR boolean operators)
- Added new tests for SQL Injection with charset GBK/Big5
- Added new variants for Cross site scripting
Bug Fixes:
- Fixed several issues with CSA (Client Script Analyzer) engine.
Build v6.5.20090622 - 22nd June 2009
Improvements:
- Better cookies handling in several modules
- Implemented exception handler in Login Sequence Recorder
Bug Fixes:
- Handled issue when non-responsive hosts triggered download dialog
Build v6.5.20090618 - 18th June 2009
New Features:
- Implemented Blind SQL Injection (timing) for web services scanner
- Implemented HTTP authentication for web services scanner
Bug Fixes:
- Fixed problem related to File Inclusion in AcuSensor Technology
- Fixed a problem in ssl_ping network script
Build v6.5.20090519 - 20th May 2009 - NEW VERSION
New Features:
- File upload forms vulnerability checks
- New Login Sequence Recorder; supports many more authentication forms and web technologies
- Session Auto Recognition module; if the session is invalidated or logged out during crawling, the scanner will automatically replay the login sequence without the need of manual intervention
- Actions drop down menu; for each selected node, the actions drop down menu is activated showing all possible functions
- Many more checks and alerts for JSP, Java and Tomcat web server
Major Improvements:
- Improved cookie management and session handling to support modern dynamic websites
- Port scanner and Network Alerts results will appear in a separate node in the results tree
- Users can import Version 6 settings to Version 6.5
- Added blind SQL injection timing test using MySQL's sleep and MS SQL's waitfor function. This will help in discovering particular blind SQL injections that do not report a change on the page
Build v6.1.20090211 - 11th February 2009
General improvements:
- CSA engine now supports jQuery and Yahoo! UI JavaScript libraries
- Added component in scanner to search for links in HTML comments and Flash (SWF) strings
- Created an ASN.1 parser which can parse X509 Certificates
- Improved Crawler; improved Wivet coverage to 94%
- Added more JBoss configuration tests
- Added more Tomcat tests
- Added more web server configuration checks for server path, internal IP and username/password disclosure
- Improved RSS/Atom parsers
- Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix
Bug Fixes:
- Reporter now filters very long knowledge base items
- Fixed SSL3, TLS1 parsing issues
- Fix in Crawler to better handle query variables in start URLs
Build v6.0.20081209 - 9th December 2008
General improvements:
- Optimized large portions of the code to improve speed
- Optimized Progress text for scripts and port scan
- Show progress on ScanInfo frame
Bug Fixes:
- Module tm_backup_files - can make tests like {filename}{test}{extension} (e.g. file1.php from file.php)
- Crawler was not sending the custom cookies for the first request
- Reporter crash on settings read (only try/except)
- Fixed crash in "import scan results to database" when the scan was running
- SSL certificate validity year fix
- Fixed a bug in parameter manipulation. Crashing when Combination was nil (no values)
- Error in interpreting redirections of type "?getvar=value"
- Fixed jsessionid session fixation test
- Fixed Activation in v6 for Vista.
- Fixed a problem with Authentication Tester (the app was not recovering when an invalid protocol was specified as target) - Reported by Harutyun Sardaryan
- Fixed a crash in HTTP Fuzzer - Reported by Harutyun Sardaryan
- Fix in Blind SQL Injector: On UNION SELECT based string extraction when httpencoding is applied the last char was eaten
Build v6.0.20081028 - 28th October 2008 - NEW VERSION
New tools / Applications:
- AcuSensor Technology
- Port Scanner and Network Alerts tool
- Blind SQL Injector Tool
General improvements:
- Pause and Resume scan functionality
- Option to mark an alert as false positive
- Support for NTLM v2
- Scanner can now gather a list of uncommon HTTP responses
- Scanner can automatically stop if a number of network errors occur or web server does not respond.
User Interface improvements:
- Compare results tool now compares also Knowledge Base items and list of open web server ports
- Possibility to quickly locate a vulnerability by using a filter, whereas before only search was allowed
- In Scanning profiles and Vulnerability Editor, vulnerabilities are automatically sorted by name
- In HTTP Fuzzer results can be sorted by clicking on header columns and changes in Fuzzer filters are automatically reflected in results window
Scheduler improvements:
- All scanning options are now available in scheduler
- Option to configure the day of the week or month for a scheduled scan
- Option to configure scan exclusion hours, i.e. when an ongoing scan should be paused and resumed
Build v5.1.70829 - 4th September 2007
- Huge improvement in memory handling! - Memory handling is now done in a much more efficient way and temporary data is now stored by default onto the hard drive freeing up a LOT of system memory especially when dealing with large websites.
- Introduced pre-conditions to various vulnerability tests - this will check if vulns can actually exist in a certain environment before starting to test for them - thus avoiding checking for vulnerabilities in vain and at the same time speeding up the scanning time.
- Summary view for alert nodes - avoids long delays in displaying all alerts under a node
- Added "Current Test" information to the scan information view
- Improvements in HTTP Fuzzer
- Fixed Javascript issue with parsing certain websites
- Fixed validation when saving login sequence file
- Fixed crash with error "sitefile parts already loaded"
- Fixed Web Services Scan Wizard detection of Inputs for particular WSDL URLs
- Fixed Web Services Scanner crash when clicking on some elements of the tree structure
Build v5.0.70621 - 25th June 2007
- Tweak in Heuristic scanning mode for improved memory management
- Saving crawling data to disk is now enabled by default
- Added Day and Month to timestamps in Activity Window
- Small text changes in crawler settings
- Elevation of privileges OS vulnerability fix
Build v5.0.70604 - 11th June 2007 - NEW VERSION
New Tools / Applications:
- Subdomain Scanner
- Web Services Scanner
- Web Services Editor
- Reporter Application
General Improvements:
- Microsoft Windows Vista Support
- Visual Interface Improvements with new graphics and buttons
- Source View in various parts of the product
- Password protection for all Acunetix Tools and applications
- Upgrading from Previous Versions/Builds keeps all Settings and Configurations
Reporting Improvements:
- New Reporter Application
- Detailed Scans View from the Database
- Standard Report Templates: Developer, Executive, Vulnerability
- Scan Comparison Templates
- Statistical Templates: Yearly, Monthly, etc.
- Compliance Reports Templates: PCI, Sarbanes-Oxley, HIPAA, etc.
Crawler Improvements:
- Manual Choice of Files from the Site Structure
- Directory Recursion (loop) Detection
- URL Rewrite Detection and Warning to User
- Improved Filtering (replacing the old search functionality)
Scanner Improvements:
- New Scanning Mode Option: Quick, Heuristic and Full
- Multi-Step Scanning
- Stored XSS Tests
- Header Manipulation
- Improved Blind SQL Injection Tests
- Improved Mod_Rewrite Support
- Improved Filtering (replacing the old search functionality)
- Grouping of Test Variants
- Sitemaps Support
- Added New Vulnerability Tests
Scheduler Improvements:
- Support for Web Services Scheduled Scans
- New options for Source and Output of Scans
- Mail Notifications
Command Line Improvements:
- New options added to support more functions like the full application
- Web Services Scans
- Mail Notifications
Database Improvements:
- Significantly Reduced DB Size by 90% while keeping the same details and more!
- New Database Structure (conversion tool available to upgrade from v4 structure)

