New Features
- New report template for ISO 27001
New Security Checks
- During a scan, Acunetix WVS checks whether the MongoDB web interface is open on the external interface
- Checks for included scripts that are loaded from an invalid hostname
- Added a new module for testing Slow HTTP Denial of Service attacks like Slowloris
- Added a new security check that tries to guess various internal virtual hosts (information disclosure)
- Checks for phpLiteAdmin default passwords
Improvements
- Improved the SQL Injection detection for SQLite3
- Further improved the Cross-Site Scripting security check
- Added detailed descriptions to all the Acunetix WVS security scripts
- Removed all broken web references in vulnerability reports and added several new ones
- Improved the Joomla! security scripts for enhanced security scanning of Joomla! portals
Bug Fixes
- Fixed a text wrapping issue in the compliance reports
- Fixed an issue where the CSA engine was being executed multiple times against the same file during a scan
- User-Agent header is now included with the in-session check request
- Login Sequence Recorder now uses the timeout value specified in the settings
- Fixed several crashes when the Login Sequence Recorder was used against some specific websites