Introduced DeepScan Technology which enhances crawling of JavaScript based web sites, including AJAX and Single Page Applications (SPA). DeepScan is powered by WebKit.
Improved support for mobile friendly web sites
Improved ability to crawl such sites
User is given option to scan mobile friendly version of website
Drastically increased the detection of DOM-based XSS
Launched Acunetix AcuMonitor used to detect vulnerabilities that can only be detected using an intermediate server. The use of AcuMonitor requires registration.
New parameter: /SaveCrawlerData. This new parameter can be used to save the crawler data following a scan from command line.
At the end of a scan, the command line output includes scan statistics showing the number of files detected, number of requests, average response and other data which is shown in the main application.
Introduced http://testhtml5.vulnweb.com – a new HTML 5 test site which hosts various HTML5 specific vulnerabilities
Improvements
Blind SQL Injection script has been revamped and now provides better detection and significantly reduces false positives
Crawler has been updated to support 303 and 307 HTTP Redirection Status codes
Updated HTML Authentication Auditing script
When a vulnerability is identified, Acunetix will stop checking for variations of the vulnerability. This decreases the scan time, and prevents reporting the same vulnerability multiple times on the same input field.
HTTP Authentication now allows saving of websites with underscore in the domain names
Backup file script has been updated to not display large binary files in HTTP editor.
Bug Fixes
Fixed non-responsive user interface caused when saving scan results.
Fixed issue where some scans incorrectly reported the alert ‘Password type input with auto-complete enabled’ multiple times incorrectly.
Some scans used to run the perServer scripts twice, thus taking longer and reporting the same vulnerability twice.
Scheduler sometimes reported an ‘Unknown State’ when a scan is cancelled.