New Features
- New version of .NET AcuSensor (requires removal of the sensors installed in the web applications – check this blog post for more info)
- Implemented a test looking for JSP source code disclosure via SOH (start of header)
- Added a script for parsing specific Java error messages to improve crawling coverage and discover new content.
Improvements
- Improved backup config files discovery
- Request cookies will now be automatically processed from proxy log requests and used during a scan
- The Crawler now processes untrusted URLs even if they do not belong to the host being scanned.
Bug Fixes
- Fixed a number of false positives in the SQL injection vulnerability checks
- Limit AST parsing to files smaller than 1Mb
- Fixed an SQL injection vulnerability in the reporter.