Acunetix 360 On-Premises - v24.7.0

New Features

  • Share Usage Analytics: New option to share anonymous diagnostics and usage data with Invicti and our analytics partner, Pendo
  • LDAP Service: New settings enable administrators to manage LDAP server configurations (available for select customers)
  • Added custom headers for communication between Agents and Invicti Hawk
  • Added a warning message when creating scan targets for websites that do not have a hostname mapped to an IP address

New Security Checks

  • Added detection for supply chain attacks through Polyfill JS
  • Added detection for GeoServer SQLi (CVE-2023-25157)
  • Added checks for various WordPress plugins

Improvements

  • Renamed the ‘Websites and APIs’ menu to ‘Targets’
  • Improved Credit Card Disclosure Security Check
  • Set the severity of ‘Possible XSS’ vulnerabilities to ‘Informational’
  • Improved various Sensitive Data Exposure security checks
  • Improved detection of the Short SSL Key Length vulnerability
  • Added capability to check for Sensitive Data in XML responses

Fixes

  • Added OpenShift certificate permission to resolve an SSL/TLS untrusted root certificate vulnerability issue with Docker/Kubernetes agents
  • Fixed a timeout issue on the global dashboard
  • Fixed missing Request Body content in vulnerability details
  • Fixed an issue with the selection of agent groups
  • Fixed an issue with the order in which internal agent scans are initiated
  • Fixed an issue with the ‘Ignore Certificate Errors’ Agent setting for SSL Validation
  • Fixed a download problem with PCI reports
  • Fixed an issue with the SSO login that was causing incorrect redirects
  • Removed references to 3.2 in the PCI DSS Compliance scan summary
  • Fixed an issue with the Azure Boards integration reopening old vulnerabilities that do not link to active issues in Invicti Enterprise
  • Fixed a timeout issue that was occurring on a pre-request script
  • Fixed a problem in the JWT Engine to resolve a false positive issue
  • Updated vulnerable OpenSSL libraries to secure versions
  • Fixed a bug in the Checkout Logout Detection so that it now chooses the same verification agent as the verification process
  • Fixed an issue related to the OTA app scan
  • Fixed HTTP 413 responses resulting from nonce cookies stacking