Acunetix Premium - v13.0.200930102

New Features

• Export Scans to JSON (available as WAF Export option)
• Added context-sensitive help for all pages in the UI. Clicking on the ? icon will open documentation for the specific page

New Vulnerability Checks

• New test for Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496)
• New test for No HTTP Redirection
• Numerous tests related to TLS / SSL, including:
  • Added support for 200 new cipher suites, bringing the total number of supported cipher suites to 360
  • New test for TLS/SSL Diffie-Hellman Key Reuse (prerequisite for Raccoon Attack)
  • New test for TLS/SSL LOGJAM attack (CVE-2015-4000)
  • New test for TLS/SSL Sweet32 attack (CVE-2016-2183 and CVE-2016-6329
  • Alert if server offers cipher suites with symmetric encryption key length <128
  • Alert if server offers cipher suites using symmetric encryption algorithms RC2, DES (insecure), IDEA
  • Alert if server offers cipher suites using ANON, NULL, SHA-1 for authentication
  • Alert if server offers cipher suites using MD5 for HMAC
• New vulnerability checks for WordPress plugins and Drupal core

Updates

• Numerous updates to the UI
• Malware scan profile updated to check for Trojans
• Scanner updated to receive newly discovered hosts from vulnerability checks
• Updated Swagger 2 implementation to better cater for nested schemes/objects
• Updated deduplication to better cater for network scans / vulnerabilities
• Adaptive ciphersuite testing, reduces the average SSL/TLS scan duration by 90%

Fixes

• Fixed issue where no data was shown for archived scans
• Fixed some minor issues with default filters
• Fixed issue showing wrong Target count in license page
• Fixed UI issue affecting Custom Scan Profiles
• Fixed Possible Sensitive Files / Folders to use the Case Sensitive Paths setting for the Target
• Fixed issue in Reverse Proxy Detection check

---