An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and most important of all, a good number of new security checks.
- New security checks of AcuSensor Technology
- curl_exec() url is controlled by user
- PHP preg_replace used on user input
- PHP super-globals-overwrite
- PHP unserialize used on user input
- Other new security checks of Acunetix WVS
- osCommerce authentication bypass
- Apache Tomcat insecure default administrative password
- Apache Tomcat directory traversal
- Checks for PHP invalid data type error messages
- Check for possible remote SWF inclusion
- Added further checks for possible sensitive files; general tests per server
- Added further checks for possible sensitive directories; general tests per server
- Added a new security check for SQL injection in the authentication header (basic authentication, base64 encoded)
- Added AlertIfTextNotFound group parameter to invert search and issue an alert if a specified text is not found
- Renamed Weak password module to Authentication module; now it also includes a good number of new authentication security checks
- Improved Cross-site scripting in URI checks to include a number of Ruby on rails security checks
- Improved Application errors security checks
- Introduced 3 new setting parameters for the crawler in Settings.XML file:
- Fixed: false positives issued in weak password alert
- Fixed: WSDL importer crash when importing recursive complex elements
- Fixed: Crawler proxy request handling changed to decode the input name/value
- Fixed Vulnerability Editor to show group parameters with default values if no VulnXML template is used
- Changed HTTP_Anomalies to log PHP errors and save the results in a file instead of alerts
- Hidden VulnXML properties for alerts that are not using VulnXML default template in Vulnerability Editor
- Adjusted VulnXML to reduce the number of false positives for Blind SQL injection timing tests
- Updated CSA engine; delete the BOM characters from script sources
- Updated URL_Helper; UrlEncode/Decode modified not to use str := str + ch and to validate hex characters after %
- Updated File_Inputs; possible values are limited in size now
How to upgrade:
On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.
Click here for the complete Acunetix WVS change log.
Contact us on firstname.lastname@example.org for any technical queries, and on email@example.com for any sales queries.
Get the latest content on web security
in your inbox each week.