Acunetix v10.5 (build 20160427) has been released. This new build includes a new version of the .NET AcuSensor registers with .NET web applications in a way that supports signed .NET Assemblies. In addition, it includes new and improved vulnerability checks and a number of minor features and bug fixes. Below is the full list of updates:
- New version of .NET AcuSensor (requires removal of the sensors installed in the web applications – check this blog post for more info)
- Implemented a test looking for JSP source code disclosure via SOH (start of header)
- Added a script for parsing specific Java error messages to improve crawling coverage and discover new content.
- Improved backup config files discovery
- Request cookies will now be automatically processed from proxy log requests and used during a scan
- The Crawler now processes untrusted URLs even if they do not belong to the host being scanned.
- Fixed a number of false positives in the SQL injection vulnerability checks
- Limit AST parsing to files smaller than 1Mb
- Fixed an SQL injection vulnerability in the reporter.
How to Upgrade
If you are running Acunetix Web Vulnerability Scanner v10, you will be notified that a new build is available to download when you start the application. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
If you are running Acunetix WVS v8 or v9, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.