We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build 20120613 offers a number of new security checks, new scanner functionality, improvements and bug fixes.
New Security Checks
- New security checks for Microsoft SharePoint.
- The Debug Parameters test checks whether common debug parameters, such as “?debug=1”, cause your web applications to disclose sensitive information.
- New Cross-Site Scripting checks for Ruby on Rails / Homakov variants.
- Security check for JetBrains .idea project directory.
- ToolsPack backdoor verification.
- Security check for Fantastico_Filelist information disclosure.
- Tests for authentication bypass vulnerabilities in MySQL and MariaDB (CVE-2012-2122).
- Check for Nginx restrictions bypass (CVE-2011-4963).
- New checks when a phpinfo() page is discovered: all HTML in the page is parsed and alerts are issued for PHP configuration problems (display_errors on, register_globals, etc.).
- Ability to export report in the Report Viewer.
- Alerts you when HTML forms do not have CSRF protection.
- Rewrote the ASP_NET_Oracle_Padding security script.
- Improved SVN/GIT repository security scripts.
- Improved presentation of all the alerts generated by the crawler by showing more attack details.
- Login sequence recorder is now using the configured user-agent.
- Cookie path parameters are better supported.
- The scheduler authentication checkbox is restored properly if you press “Cancel”.
- Fixed the TRACE/TRACK HTTP method test security script issue.
- Input forms that are part of the login sequence are no longer filled with the pre-configured HTML form data.
- Fixed the namespaces issue on the Web Services scanner.
- Corrected the requests which are generated by the scan results imported from the Firefox extension.
- Blind SQL injection now reports the correct value in the alert details.
- Fixed the jQuery problem: CSA select HTML elements and options are now correctly handled.
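
The phpinfo() check listed under New Security Checks parses the page's HTML and alerts on risky PHP settings. The following is an added example of that kind of audit for your own servers, not Acunetix code: the sample page is constructed, and `allow_url_include` is an assumed extra directive beyond the two the announcement names.

```python
from html.parser import HTMLParser

# display_errors and register_globals come from the announcement;
# allow_url_include is an assumption added for illustration.
RISKY = {
    "display_errors": "error output can leak paths, queries and stack details",
    "register_globals": "request parameters can overwrite script variables",
    "allow_url_include": "include() can load code from a remote URL",
}
ENABLED = {"on", "1", "true", "yes"}

class PhpinfoParser(HTMLParser):
    """Collects directive -> local value from phpinfo() table rows."""
    def __init__(self):
        super().__init__()
        self.directives, self._row, self._cell = {}, None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            # Row layout: directive, local value, master value.
            if len(self._row) >= 2:
                self.directives[self._row[0]] = self._row[1]
            self._row = None

def audit_phpinfo(html):
    """Return (directive, local value, reason) for each risky setting that is on."""
    parser = PhpinfoParser()
    parser.feed(html)
    return [(name, parser.directives[name], why) for name, why in RISKY.items()
            if parser.directives.get(name, "").lower() in ENABLED]

# Constructed sample in the phpinfo() table layout (header cells are <th>).
SAMPLE_PHPINFO = """<table><tr><th>Directive</th><th>Local Value</th><th>Master Value</th></tr>
<tr><td class="e">display_errors</td><td class="v">On</td><td class="v">Off</td></tr>
<tr><td class="e">register_globals</td><td class="v">On</td><td class="v">On</td></tr>
<tr><td class="e">allow_url_include</td><td class="v">Off</td><td class="v">Off</td></tr>
<tr><td class="e">memory_limit</td><td class="v">128M</td><td class="v">128M</td></tr></table>"""

if __name__ == "__main__":
    for name, value, why in audit_phpinfo(SAMPLE_PHPINFO):
        print(f"ALERT {name} = {value}: {why}")
```

The audit reads the local value column, so a per-directory override that turns `display_errors` on is flagged even when the master value is off.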
How to Upgrade to Build 20120613
On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
View the complete Acunetix WVS change log here.