Acunetix Premium - v13.0.200911154

New Features

  • New Data Retention settings, providing the ability to:
    • Keep the last 3 scans for each target and archive previous scans
    • Delete archived scans which are older than 2 years
    • The above data retention settings are configurable
    • The above settings affect vulnerabilities detected, which are archived / deleted accordingly
  • A default scan profile can be configured for each target
  • Forgot Password option for Acunetix On-Premise, allowing users to reset their password (email settings need to be configured)
  • Detect paths in JavaScript code via static method analysis
  • Ability to retrieve links from several HTTP headers
  • Scanner will try to auto-discover API definitions

New Vulnerability Checks

Updates

  • Vulnerabilities are now shown grouped by Vulnerability Type and FQDN
  • Numerous improvements affecting vulnerability deduplication
  • Deleted Targets will not be shown in the UI by default
  • Malicious links detected will be highlighted in the vulnerability report
  • Ability to scan all Targets in a Target Group
  • Improved Swagger support implementation
  • Updated backup files/folders and possible sensitive files checks to report alerts on the parent of the detected file
  • Time zone can now be configured by each user account
  • User accounts can now change UI to Chinese
  • .NET Sensor updated to support .NET Core
  • Updated Session Fixation vulnerability check to avoid possible False Positives
  • Updated to Chromium v83

Fixes

  • Fixed issue with offline activation
  • Fixed a few crashes occurring on specific sites
  • Fixed issue affecting AcuMonitor when scanning certain sites
  • Various small UI fixes
  • Fixed Target Deletion issue for Consult licenses
  • Fixed: PDF report generation was failing in specific situations
  • Fixed issue causing HTTP requests passing through a proxy to fail
  • Fixed issue affecting relative HTTP redirects
  • Fixed issue causing Manual Intervention not to work on Linux
  • Fixed issue causing DeepScan to miss some DOMXSS vulnerabilities
  • Fixed text overlapping issue in reports
  • Fixed issue causing Telerik Web UI RadAsyncUpload Deserialization (CVE-2019-18935) to not always be detected
  • Fixed: 'HTTP Strict Transport Security (HSTS) not implemented' and 'HTTP Strict Transport Security (HSTS) Best Practices' were using the same name
  • Fixed: Sensitive files / directories checks were missing Attack details
  • Fixed issue caused when sorting scans by target description
  • Fixed a few issues in the Login Sequence Recorder and Business Logic Recorder