Note: This is no longer available.

A new version of Acunetix Web Vulnerability Scanner is available in beta, and what a version!

It has been one long year of development, testing and late nights at the office, but it was all worth it, and the results speak for themselves! Most of the core components have been rewritten, including the crawler, scanner, vulnerability checks and the HTTP stack. Acunetix WVS Version 7 is around 75% faster than its predecessors, and a more intelligent scanner. Most of the web vulnerability checks have been migrated from the VulnXML format to Scripts. This allows us to have more advanced and flexible security checks, while reducing false positives. It is also easier for you to develop your own web vulnerability checks. Version 7 also includes much more meticulous web security tests, some of which were not possible before.

If you are interested in testing the new BETA of Version 7, and you already own an Acunetix WVS Enterprise or Consultant license with a valid maintenance agreement, contact us at beta@acunetix.com.

The new features of Version 7 are:

  • A new revolutionary and intelligent scanning engine
    • Detection of a wide range of new web vulnerability types
    • No more ‘brute force style’ vulnerability checks
    • Consumes less bandwidth
  • Fewer False Positives and False Negatives reported
    • Website parameters are thoroughly analyzed to understand their purpose
    • A number of thorough checks are launched before vulnerabilities are reported
    • Human-like vulnerability verification techniques
  • Scriptable Vulnerabilities
    • More flexible and advanced web security checks
    • Easier to script your own vulnerabilities
    • Faster processing
  • Consolidation of reported vulnerabilities
    • Different variants of the same vulnerability are consolidated under one detailed report
    • Presenting the problem to developers in a more precise and understandable way
    • Facilitates prioritization and coordination of vulnerability remediation
  • Advanced analysis of website presentation layer
    • Less chance of breaking a website because of a security scan
    • Ability to automatically submit the correct data in web forms
  • A whole variety of new vulnerability checks
    • Stored SQL injection
    • Stored File Inclusion
    • Stored Directory Traversal
    • Stored Code Execution
    • Stored File Tampering
    • More advanced WebDav auditing checks
    • Automated form-based authentication auditing (e.g. tests to check if credentials can be brute forced, for common usernames and passwords, etc.)
    • Test for SQL Injection in URI
  • New Scan Status Interface
    • Graphical presentation of scan status
    • Granular explanation of current running tasks
    • Ability to capture more information at a glance
  • Re-Scan capabilities
    • Right click a reported vulnerability and relaunch the test
    • No need to rerun a whole crawl and scan to verify fixes
    • Saves time in verifying corrections
  • Ability to specify a label or tag instead of the actual parameter name in the Input Fields settings node
  • Option to automatically randomize input for parameters specified in the Input Fields settings node
  • New fingerprinting module for well-known web applications (e.g. WordPress)

Major improvements in Version 7:

  • Drastically improved Web 2.0 applications support
    • Better handling and parsing of JSON and XML requests and responses, and other similar Web 2.0 technologies
  • Improved Session Management
  • Improved HTTP Sniffer / Manual crawling process
    • Support for a wider variety of content-types
    • Support for Web 2.0 requests and responses e.g. JSON, XML etc
  • Improved network traffic handling
    • Support for HTTP Keep-alive
    • DNS Caching helps in reducing multiple DNS requests
    • Ability to control delay between requests
    • Faster handling of traffic
  • HTTP Authentication
    • Support for Digest HTTP authentication mechanism
    • Crawler supports more than a single pair of HTTP credentials for the same host
    • HTTP Authentication settings are now shared between all Acunetix WVS tools
    • Granular specification of credentials (per server, directory or file)
    • New HTTP Authentication settings node
  • Site Crawler
    • Supports a wider variety of communication mechanisms
    • Improved handling and detection of links and input parameters
    • Faster crawling of websites
  • Improved XSS Detection rate
  • Improved web server security auditing techniques for source code disclosure, directory listing and directory traversal checks
  • Drastically improved file upload security checks
  • Improved DNS auditing scripts
  • Improved security checks for old, backup files and other similar file checks

Acunetix WVS Version 7 documentation

The Acunetix WVS Version 7 user manual is available in PDF Format.

With the introduction of scripting, a Getting Started guide / SDK is available to help you understand how the new vulnerability checks are implemented in Acunetix WVS, and to help you write your own scripts / security checks. We also developed a new tool, ‘WVS Scripting’, to help you write and test your own scripts. You can download the documentation and tool from the following location: https://www.acunetix.com/download/tools/WVSSDK.zip.

At a later stage, a more detailed SDK and ‘WVS Scripting’ tool documentation will also be released.

THE AUTHOR
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.