New Features
- Introduced a new Scan Type, New Web Vulnerabilities, to scan for new vulnerabilities introduced in the latest Acunetix update
- Introduced ad-blocking in the scanner, resulting in faster scans
- Implemented support for Session HTTP headers when logging in to the site
- Introduced custom_settings.xml for configuring settings from settings.xml; settings configured there are not overwritten on upgrade
New Vulnerability Checks
Updates
- The scan will now report when an invalid Selenium script is used as an import file
- Improved detection of the type of Burp import file being used
- Increased limit on Custom Headers
- Multiple improvements in DeepScan
- The LSR Record button is disabled during Login Action playback
- Acunetix will start reporting login forms when no login credentials are configured
- The tester user will not be able to create or view reports
Fixes
- Fixed: Directory Traversal vulnerabilities were sometimes incorrectly reported as found with AcuSensor
- Fixed: Several broken references in the vulnerability alerts
- Fixed: HTTP Response was not shown in some vulnerability alerts
- Fixed an issue causing DeepScan to take too long to process some locations
- Fix in the PHP Hash Collision DoS vulnerability check
- Fixed: Integrated LSR was not working on IE11
- Fixed: Selenium script playback failed for some scripts
- Fixed: Session Detection failed if the session pattern spanned multiple lines
- Fixed: LSR kept showing the spinner on some pages
- Fixed: LSR Session pattern was not always saved when detected using the navigation
- Fixed: LSR Session pattern check could fail for in body / not in body patterns
- Fixed: On some systems, Chromium processes could not be terminated when generating PDF reports
- Fixed: Passwords were recoverable from the UI
- Better handling of HTTP timeouts by vulnerability checks