Added further checks for possible sensitive files; general tests per server
Added further checks for possible sensitive directories; general tests per server
Added a new security check for SQL injection in the authentication header (basic authentication, base64 encoded)
Added AlertIfTextNotFound group parameter to invert search and issue an alert if a specified text is not found
Improvements
Renamed the Weak password module to the Authentication module, since it now includes many more authentication security checks
Improved Cross-site scripting in URI checks to include Ruby on Rails security checks
Improved Application errors security checks
Introduced 3 new setting parameters for the crawler in the Settings.XML file:
262144
256
1000
Bug Fixes
Fixed: false positives issued in weak password alert
Fixed: WSDL importer crash when importing recursive complex elements
Fixed: Crawler proxy request handling changed to decode the input name/value
Fixed: Vulnerability Editor now shows group parameters with default values if no VulnXML template is used
Changed HTTP_Anomalies to log PHP errors and save the results in a file (instead of alerts)
Hidden VulnXML properties in Vulnerability Editor for alerts that do not use the default VulnXML template
Adjusted VulnXML to reduce the number of false positives for Blind SQL injection timing tests
Updated CSA engine; BOM characters are now deleted from script sources
Updated URL_Helper; UrlEncode/Decode no longer build strings with str := str + ch and now validate hex characters after %
Updated File_Inputs; possible values are now limited in size