A new Acunetix update has been released for Windows, Linux, and macOS: 14.3.210615184.

This Acunetix release introduces software composition analysis (SCA) functionality, allowing customers to detect vulnerable open-source libraries used by the web application. It also provides multiple updates, including a revised PCI DSS compliance report, numerous improvements to the Acunetix UI, and a modernized .NET AcuSensor (IAST). We have also added several important vulnerability checks for well-known applications and we have made numerous updates and fixes, all of which are available for all editions of Acunetix.

New features

  • New SCA (software composition analysis) functionality for PHP, Java, Node.js, and .NET web applications. Acunetix will report vulnerable libraries used by the web application when AcuSensor is used.

New vulnerability checks

Updates

  • Updated .NET AcuSensor
  • .NET AcuSensor can now be deployed from the CLI
  • User is notified when imported URLs are out of scope
  • Scan events are not shown in JSON anymore
  • New column for continuous scanning on the Targets page
  • New filter on the Targets page to easily identify targets with debugging enabled
  • The Vulnerabilities page shows if the vulnerability was detected by a web or network scan
  • Merged Add Target and Add Targets options in UI
  • Custom fields, labels, and tags can be configured for issue trackers
  • Platform admin can now unlock locked accounts
  • New column in CSV export showing details in text only
  • Updated the way the AcuSensor token can be updated in the target settings
  • PCI DSS compliance report updated to PCI DSS 3.2.1
  • Compliance reports updated to make use of the Comprehensive report template
  • Browser dev tools can be used when LSR is started from CLI
  • Updated XFO check
  • Multiple UI updates
  • Improved false positive detection of out-of-band RCE and argument injection vulnerabilities
  • Multiple updates to the Postman import implementation
  • Updated JavaScript library audit to support merged JavaScript files

Fixes

  • HSTS has been enabled for the AcuSensor bridge
  • The latest Alerts section of Scan results was not updated with AcuMonitor (OOB) vulnerabilities
  • The Fragments option was not clickable in the site structure
  • HSTS Best Practices was sometimes being reported multiple times
  • Fixed HSTS false negative
  • Fixed issue in the detection of Django 3 weak secret
  • Fixed issue causing GitHub labels not to be updated when changing the GitHub issue tracker project
  • Fixed an encoding issue in the Node.js AcuSensor
  • Fixed an issue causing corruption of the target knowledge base
  • Fixed a DeepScan timeout when processing the Prototype JavaScript library
  • Fixed an issue causing the outdated JavaScript libraries check not to report external libraries
  • Fixed an issue in the OAuth password credentials grant

Upgrade to the latest build

If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

THE AUTHOR
Nicholas Sciberras
Chief Technical Officer
As the CTO at Acunetix, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams and provided technical training.