Acunetix Premium - v8.0.20120215

New Features

  • Manipulation of inputs from URLs
  • Automatic IIS 7 rewrite rule interpretation
  • Support for custom HTTP headers during automated scans
  • Imperva Web Application Firewall integration
  • Multiple instance support for scanning multiple websites in parallel
  • New web-based Scheduler
  • Automatic custom 404 error page recognition and detection
  • Scan settings templates
  • Simplified Scan Wizard
  • Smart memory management
  • Real-time Crawler status
  • Scan termination status included in report
  • Web application coverage report
  • Configuration of log files retention

New Vulnerability Classes Checks

New Web Security Audit Checks

  • Check website content for Bazaar source code repository
  • Check website content for Mercurial source code repository
  • Check website content for Git source code repository
  • Disclosure of HTML Forms in redirect pages
  • Security audit of Alternative PHP Cache
  • Check for insecure preg_replace in PHP
  • Apache httpOnly Cookie Disclosure
  • Elmah Information Disclosure
  • Checks for OPTIONS web server method
  • PHP Hash Collision Denial Of Service
  • Plone & Zope Remote Command Execution
  • Checks for Reverse Proxy bypass
  • CakePHP web application Audit
  • Web applications Configuration File Disclosure
  • phpThumb web application audit
  • Struts2 Remote Code Execution
  • TinyMCE web application audit
  • Uploadify web application audit
  • Webmail web application audit

Improved the Web Security Audit Scripts for

  • SQL Injection
  • XSS (Cross-site scripting)
  • Code Execution
  • CRLF Injection
  • Directory Traversal
  • File Inclusion
  • PHP Code Execution
  • Backup Files
  • Sensitive Text Search
  • Secure Socket Layer configuration
  • Error Messages
  • ASP.NET Application Trace
  • .htaccess File Configuration
  • HTTP Verb Tampering
  • PHPInfo / PHP Configuration
  • Possible Sensitive Directories Disclosure
  • Possible Sensitive Files Disclosure
  • SQL Injection In Basic Authentication
  • SQL Injection In URI
  • SVN Repository Disclosure
  • Trojan Scripts
  • File Upload Form Audits
  • Generic Oracle Padding
  • Web Form based Authentication
  • LDAP Injection
  • Script Source Code Disclosure
  • XFS and Redir
  • XPath Injection
  • Apache Geronimo Default Administrative Credentials
  • ColdFusion v9 Solr Exposed
  • Error Pages with Path Disclosure
  • Frontpage Authors Passwords
  • Frontpage Extensions Enabled
  • IIS Unicode Directory Traversal
  • JBoss Web Server Configuration
  • Unprotected phpMyAdmin Interface
  • Web Server Version Checks
  • XML External Entity Injection
  • FCKEditor security audit
  • Struts2 XWork Remote Code Execution

Improvements

  • Smart Memory management (ability to scan larger websites)
  • Detection of more web security vulnerability variants