Acunetix Web Vulnerability Scanner version 9, build 20131023 includes new checks for DOM XSS vulnerabilities that can be injected in the HTTP GET parameters. This new build also includes the option to automatically save scan results to disk after a scan, speed and efficiency improvements, and various bug fixes.

New Functionality

  • Introduced the detection of additional DOM XSS vulnerabilities which can be injected in the HTTP GET parameters.
  • Implemented the option to auto-save scan results after the scan is completed. This can be configured from Configuration->Application Settings->Saved scan results. This node also includes the Database settings, which are used for the reporting database.

Improvements

  • Reduced the number of requests made by PerFolder scripts by optimizing the scripts.
  • Improved the Readme_Files script to reduce false positives originating from sites using a custom 404 page.

Bug Fixes

  • Affected file was sometimes set incorrectly for DOM XSS vulnerabilities.
  • Fixed an issue causing the scan to check for possible sensitive files/folders even when AcuSensor is enabled, in which case such files would already be known.
  • Saving scan results to the reporting database and loading saved scans sometimes caused WVS to crash.
  • The Edit Request Variables option in the HTTP editor was not visible.
  • Fixed an out-of-memory crash in AcuSensor for PHP when “mbstring.func_overload” is enabled.
  • Fixed a memory leak affecting large websites.

How to Upgrade

If you are running Acunetix WVS 8, follow the upgrade instructions under “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.

If you are running Acunetix WVS v9, you will be notified that a new build is available to download when you start Acunetix WVS. Navigate to the General > Program Updates node in the Tools explorer and click on Download and Install the new build.

You can see the complete Acunetix WVS change log here. If you have any technical questions, feel free to email the Acunetix Support Team.

THE AUTHOR
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.