Build v10.0.20150820 – 20th August 2015
- Added a test for Server-Side Template Injection vulnerability.
- Added tests for new WordPress (core and plugins) vulnerabilities.
- Added a test checking for Django Debug Mode
- Improved CRLF injection/HTTP response splitting tests
- Improvements to the XSS testing script
- Updated Payment Card Industry (PCI) report to PCI 3.1
- Updated DISA Application Security and Development STIG report to V3R10
- LSR updated to support all SSL cipher suites
- Fixed a crash in WSDL scanner
- Various updates and fixes in the Login Sequence Recorder
- DeepScan blocks on specific sites
- Fixed bug in Scan wizard
- Crash in Scan wizard when choosing a non-existent login sequence file name
- Crawler starturl was incorrectly set to http instead of https when importing from proxy log
Build v10.0.20150623 – 24th June 2015 – NEW VERSION
- New Login Sequence Recorder which supports Single-Sign-On (SSO) and OAuth-based authentication.
- Database of 1200 WordPress-specific vulnerabilities, including checks for WordPress core and popular WordPress plugins.
- Improved scanning of Java / J2EE web applications
- Improved scanning of RESTful Web Services, including parsing of WADL files
- Improved scanning of web applications implemented in Ruby on Rails
- Detection of XML External Entity (XXE) via REST APIs
- Crawling a website can now be pre-seeded using HAR files and exports from Fiddler, Burp, Selenium and the Acunetix Sniffer
- Introduced the detection of links to websites known to host malware or used for phishing
- Improved support for WSDL-based web services by introducing support for