Acunetix 360 On-Demand - v23.5
This update includes changes to the internal agents. The internal scan agent’s current version is 23.5.0. The internal authentication verifier agent’s current version is 23.5.0.
NEW SECURITY CHECKS
- Added new security check for LDAP injection for IAST.
- Added new security check for MongoDB injection.
- Added new security check for Server-side Template Injection for IAST.
- Added new security check for XPath injection for IAST.
- Implemented security check for Sensitive Data Exposure.
IMPROVEMENTS
- Updated the Java sensor to improve its stability.
- Added the Response Receiver information event to remove waiting time for requests.
- Improved the discovery service for email, website, and main website matching.
- Improved the Not Contains filter for tags.
- Added the EC2 Instance ID column to the default columns on the Discovered Websites page.
- Updated the outdated ApiFileModel JSON example in the API documentation.
- Added an information message to the report policy page in case the custom report policy cannot be found.
- Improved the agent assignment process to prevent performance issues.
- Changed the Launch Scan button to the New Scan button on the dashboard.
- The Scan data files and Agent files (for Scanner/Verifier upgrades) are retrieved from AWS S3.
FIXES
- Fixed an issue that caused a bad CSRF token when confirming Cross-site Scripting.
- Fixed the issue in which the login form was filled out on the logout page during login verification.
- Fixed the issue that changed the order of API parameters while importing the JSON file.
- Fixed the vulnerability signature types for Cloudflare and Cdnjs.
- Fixed the custom script information on the 3-Legged Authorization in the scan summary.
- Fixed the issue that prevented empty website groups from being deleted.
- Fixed the issue that resulted in the scanning of the target URL instead of the GraphQL endpoint.
- Fixed the issue in which tokens were detected even though the Detect Bearer Authorization Token function was disabled.
- Fixed the case-sensitive parameter name that caused issues when migrating the database.
- Fixed the ServiceNow integration issue that failed to export the issue information.
- Fixed the issue that allowed a user with permission to add/edit a website group to view all account websites.
- Fixed the permission issue that allowed a user to add and edit a discovery connection via an API endpoint without having that permission.
- Fixed the issue in which the Knowledge Base report showed the old Invicti logo.
- Fixed issues encountered during scan deletion and canceling to improve performance.