Acunetix 360 On-Premises - v23.9.0

New features

  • Added the option to set a Custom HTTP Authorization Header under Scan policy > HTTP > Request
  • Adjusted agent download parameters to allow installation of internal scanner agents using the Docker client via the Invicti registry service
  • Changed the compression tool and default compression format for log files from 7zip to Tar
  • Added the ability to enter multiple IP addresses and IP ranges in the IP Address Restrictions setting. Previously, only single-entry IP addresses were permitted.
  • Added TLS certificate authentication as an option when integrating with HashiCorp Vault. Previously, only token authentication was supported.

New security checks

  • Added new patterns to detect XSS

Improvements

  • Improved notification delivery with integration services
  • [Closed Beta] Protected visibility of passwords within custom scripts
  • Improved detection and reporting of File Inclusion vulnerabilities
  • Improved detection and reporting of Sensitive Data Exposure vulnerabilities
  • Improved detection and reporting of Dockerfiles
  • Disabled caching from the boolean-based MongoDB security engine to avoid possible false positives
  • Improved the content-type exemption for non-HTML content types in the CSP engine
  • Improved the typeahead.js check to increase stability
  • Removed the X-XSS-Protection header check because it is deprecated by modern browsers
  • Added functionality to prevent bot detection and fixed an issue that was causing cookie loss after authentication
  • Improved the remediation section for the "JetBrains .idea detected" vulnerability
  • Added information to the UI about the functionality of the 'Edit My Team's Role' permission
  • Added bypass list functionality for scan policies

Fixes

  • Fixed a bug in the date filter that was causing incorrect information to display on the dashboard
  • Fixed the external SOAP web service import problem
  • Fixed a problem that was causing default values to be filled incorrectly, resulting in false negatives
  • Fixed an issue where vulnerabilities were visible in the UI but not via the API in certain failed scan situations
  • Fixed inconsistent scan states in rare deleted scan scenarios
  • Fixed missing Next Execution Time for certain scheduled scans
  • Fixed an issue that prevented saving scheduled scans in some scenarios
  • Fixed inconsistencies in the Resource Finder with certain hidden files and backup files
  • Improved updating of groups in Azure Provisioning scenarios