The new build of Acunetix Web Vulnerability Scanner released today includes a number of new features, new security checks and also a number of bug fixes. Ideal for scanning and securing today’s complex custom web applications, the main new feature allows importing of multiple HTTP Sniffer logs to the same crawl (manual crawling of web applications). It is also possible to import HTTP Sniffer logs into an already existing crawl.
- Ability to import multiple HTTP Sniffer captures to the same crawl.
- Ability to merge HTTP Sniffer captures to existing website crawls.
- A new option that allows you to specify a different email address for each configured scan in the scheduler.
- HTTP Fuzzer number generator now support padding; i.e. you can use a leading zero e.g. from 01 to 10.
- A new option to specify if the latest cookie from the scanned website should be used rather than the one discovered during the crawling.
- New option to force scanner not overwrite user specified custom cookies with newer cookies form the scanned website.
New Security Checks:
- Added a test for .Net Cross Site Scripting (Request Validation Bypassing).
- New security check for MediaWiki security issues.
- Fixed a Crossdomain in XML false positive.
- Fixed the Scan Wizard back button issue; there were instances were it was not working correctly.
- Fixed a bug in the scanner to scan only website files found during the crawl.
- Fixed a memory leak in the Client Script Analyser engine.
- The Login Sequence Recorder User-Agent string is now the same in both the header and in the scripting code.
- Fixed a bug with the WSDL scanner “Customize” button.
How to Upgrade to Build 20120911
On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
View the complete Acunetix WVS change log here.