Acunetix Premium - v9.0.20130814

New Features

  • Full support for HTML5
  • Introduced DeepScan Technology, which enhances crawling of JavaScript-based web sites, including AJAX and Single Page Applications (SPA). DeepScan is powered by WebKit.
  • Improved support for mobile-friendly web sites
    • Improved ability to crawl such sites
    • The user is given the option to scan the mobile-friendly version of a website
  • Drastically increased the detection of DOM-based XSS
  • Launched Acunetix AcuMonitor, which is used to detect vulnerabilities that can only be detected using an intermediate server. The use of AcuMonitor requires registration.
  • Detection of Blind XSS using AcuMonitor
  • Detection of Server Side Request Forgery (SSRF) using AcuMonitor
  • Detection of Host Header Attacks using AcuMonitor
  • Detection of Email Header Injection using AcuMonitor
  • Detection of XML External Entity (XXE) using AcuMonitor
  • New parameter: /SaveCrawlerData. This parameter can be used to save the crawler data following a scan from the command line.
  • At the end of a scan, the command line output includes scan statistics showing the number of files detected, number of requests, average response and other data which is shown in the main application.
  • Introduced http://testhtml5.vulnweb.com – a new HTML5 test site which hosts various HTML5-specific vulnerabilities

Improvements

  • The Blind SQL Injection script has been revamped; it now provides better detection and significantly reduces false positives
  • Crawler has been updated to support 303 and 307 HTTP Redirection Status codes
  • Updated HTML Authentication Auditing script
  • When a vulnerability is identified, Acunetix will stop checking for variations of the vulnerability. This decreases the scan time, and prevents reporting the same vulnerability multiple times on the same input field.
  • HTTP Authentication now allows saving of websites with an underscore in the domain name
  • Backup file script has been updated to not display large binary files in the HTTP editor.

Bug Fixes

  • Fixed non-responsive user interface caused when saving scan results.
  • Fixed issue where some scans incorrectly reported the alert ‘Password type input with auto-complete enabled’ multiple times.
  • Fixed issue where some scans ran the perServer scripts twice, thus taking longer and reporting the same vulnerability twice.
  • Fixed issue where the Scheduler sometimes reported an ‘Unknown State’ when a scan was cancelled.
  • Various other bug fixes