Acunetix 360 On-Demand

New feature

• Implemented webapp for secure storage and retrieval of passwords for Pre-Request scripts
• Added an integration for NTA with NGINX (Read more)

Improvements

• Implemented default limit setting to 1000 without flag for all fields except Second Level Domains
• Implemented custom field Parent option in integration with Azure Boards
• Implemented agent for secure storage and retrieval of passwords for Pre-Request scripts

Resolved issues

• Fixed an issue with Bad Request Response on Scan Summary
• Fixed naming issues of WordPress plugin Contact Form 7
• Implemented possibility to keep the report history of PCI scans with exceptions defined
• Fixed the issue of LoginRequiredUrl and Pre-Request script requests causing bottlenecks in HTTP requests
• Fixed an issue that unnecessarily included the code parameter in OAuth2 authorization requests
• The scanning engine now correctly processes merged request headers received from browser

New feature

• Added an option to prevent reopening Issue Tracker issues when a vulnerability is marked as False Positive and later revived (Read more).

Improvements

• Requests with empty or default values are not sent to DeepInfo
• Introduced a new setting under the Account General settings, within the Data Privacy and Security section, to modify the X-AMZ-Expires parameter while downloading the scan data
• Enhanced the “Configure New Agent” page to include additional details for auth verifier agents (Read more)
• Updated remediation details for outdated AngularJS versions
• [BREAKING CHANGE]: Updated the Docker agent’s compression method and file extension; ensure any automation or scripts referencing the old format are updated accordingly

Resolved issues

• Fixed an issue where the Issue note field could not be updated
• Fixed inefficient algorithmic complexity in DotNet IAST Sensor
• Resolved the issue where an invalid character response occurred when attempting to add a user
• Resolved the “Invalid Target URI” error that occurred when editing the Target URI to end with multiple slashes (///) on the new scan page
• Resolved the issue where the scan profile was not updating with the support account
• Fixed restrictions for JIRA integration
• Fixed an issue where pressing “Enter” instead of clicking the “Check” button during password verification triggered a full scan instead of the intended login verification
• Updated Chromium and Node.js versions, resolving Chromium-related issues, including the unexpected increase in Chromium count
• Exclude URL rules now function correctly even when the excluded URL is the target
• Fixed an issue with retrieving OAuth2 token data from JSON responses

Improvements

• Added the ability to reset the issue state to its default

Resolved issues

• Fixed an exception caused by an invalid Target URI in scheduled scans
• Fixed an issue where proxy credentials were not encrypted when launching InvictiProxy
• Fixed inconsistent styling in the report policy, ensuring uniform formatting in the vulnerability profile sections

Improvements

• Added a loading state for the Export CSV button to prevent multiple clicks
• Improved value filling in GraphQL queries
• Added the ability to re-scan cloned PCI scans on previously scanned targets to apply exceptions

Resolved issues

• Fixed an issue where ‘LaunchInstance’ errors caused GUIDs to be stored instead of AWS-generated instance IDs in the database
• Fixed an issue that caused the Mend vulnerabilities to be reported with incorrect severity
• Replaced a formatted string in a SQL statement with a prepared statement using SqlCommand and SqlParameter to prevent potential SQL injection
• Fixed the issue which was causing exports from Invicti Standard to Acunetix 360 to fail
• The issue preventing the use of the Chromium Extension in Scanner and Verifier Agent has been resolved

Improvements

• API specifications from sub-organizations in Mulesoft are now synchronized into API Inventory

Resolved issues

• Improved performance of the All Issues page