Changelogs

Acunetix Standard & Premium

v8.0.20120305 - 07 Mar 2012

Build v8.0.20120305 – 7th March 2012

New Security Checks

  • Scanning of web statistics software applications such as AWStats and Webalizer. Acunetix WVS crawls the result pages of your website's statistics software and notifies you if sensitive data is disclosed in those pages.
  • Automatic checks for ASP code injection vulnerabilities.
  • Further security checks for SQLite databases.
  • Security checks for Rails mass assignment.

New Features

  • Ability to stop the website crawling and proceed with the scan at any time.
  • Possibility to choose the scan report template to use when scheduling a scan.

Improvements

  • Scripts execute faster, so scans take less time to complete.
  • Improved security scripts for Blind SQL Injection, Remote File Inclusion, XSS, File Inclusion and Directory Traversal.
  • If a variant check for a specific vulnerability times out, the remaining variant checks for that vulnerability type are launched automatically.

Bug fixes

  • Crawler: input encoding was not correct for _EVENTTARGET = and /
  • ANSI strings were not handled correctly when using specific languages other than English.

v8.0.20120215 - 16 Feb 2012

Build v8.0.20120215 – 16th February 2012 - NEW VERSION

New Features

  • Manipulation of inputs from URLs
  • Automatic IIS 7 rewrite rule interpretation
  • Support for custom HTTP headers during automated scans
  • Imperva Web Application Firewall integration
  • Multiple instance support for scanning multiple websites in parallel
  • New web-based Scheduler
  • Automatic custom 404 error page recognition and detection
  • Scan settings templates
  • Simplified Scan Wizard
  • Smart memory management
  • Real-time Crawler status
  • Scan termination status included in report
  • Web application coverage report
  • Configuration of log files retention

New Vulnerability Class Checks

New Web Security Audit Checks

  • Check website content for Bazaar source code repository
  • Check website content for Mercurial source code repository
  • Check website content for Git source code repository
  • Disclosure of HTML Forms in redirect pages
  • Security audit of alternative PHP cache
  • Check for insecure preg_replace usage in PHP
  • Apache httpOnly Cookie Disclosure
  • Elmah Information Disclosure
  • Checks for the OPTIONS web server method
  • PHP Hash Collision Denial of Service
  • Plone & Zope Remote Command Execution
  • Checks for Reverse Proxy bypass
  • CakePHP web application Audit
  • Web applications Configuration File Disclosure
  • phpThumb web application audit
  • Struts2 Remote Code Execution
  • TinyMCE web application audit
  • Uploadify web application audit
  • Webmail web application audit

Improved the Web Security Audit Scripts for

  • SQL Injection
  • XSS (Cross site scripting)
  • Code Execution
  • CRLF Injection
  • Directory Traversal
  • File Inclusion
  • PHP Code Execution
  • Backup Files
  • Sensitive Text Search
  • Secure Socket Layer configuration
  • Error Messages
  • ASP.NET Application Trace
  • .htaccess File Configuration
  • HTTP Verb Tampering
  • PHPInfo / PHP Configuration
  • Possible Sensitive Directories Disclosure
  • Possible Sensitive Files Disclosure
  • SQL Injection In Basic Authentication
  • SQL Injection In URI
  • SVN Repository Disclosure
  • Trojan Scripts
  • File Upload Form Audits
  • Generic Oracle Padding
  • Web Form based Authentication
  • LDAP Injection
  • Script Source Code Disclosure
  • XFS and Redir
  • XPath Injection
  • Apache Geronimo Default Administrative Credentials
  • ColdFusion v9 Solr Exposed
  • Error Pages with Path Disclosure
  • Frontpage Authors Passwords
  • Frontpage Extensions Enabled
  • IIS Unicode Directory Traversal
  • JBoss Web Server Configuration
  • Unprotected phpMyAdmin Interface
  • Web Server Version Checks
  • XML External Entity Injection
  • FCKEditor security audit
  • Struts2 XWork Remote Code Execution

Improvements

  • Smart memory management (ability to scan larger websites)
  • Detection of more web security vulnerability variants

v7.0.20111005 - 05 Oct 2011

Build v7.0.20111005 - 5th October 2011

New Features

  • The Client Script Analyzer engine now supports jQuery, jQuery UI, and YUI Library
  • New URL Rewrite option: Match full URI. When enabled, a URL rewrite rule can be matched against the whole URI and not just the path

Improvements

  • Major AcuSensor improvements for PHP
  • Inclusion of more variables discovered by AcuSensor during a scan

Bug Fixes

  • Login Sequence Recorder uses the specified Proxy settings correctly

v7.0.20110920 - 20 Sep 2011

Build v7.0.20110920 - 20th September 2011

New Security Check

  • Security check for Apache httpd remote denial of service

Improvements

  • Firefox plugin now supports Firefox 6
  • Inclusion of more variables discovered by AcuSensor during a scan

Bug Fixes

  • Fixed HTTP verb tampering security checks, further reducing false positives
  • Paths edited in the HTTP Authentication settings node are now saved correctly
  • The Actions menu now appears correctly in the Small Business Edition

v7.0.20110823 - 23 Aug 2011

Build v7.0.20110823 - 23rd August 2011

New Security Checks

  • Complex security check for TimThumb (detects WordPress installations and checks for vulnerable plugins and themes); includes brute-forcing capabilities to look for plugins/themes that contain the TimThumb script
  • Security check for Sun/Oracle GlassFish Server Authentication Bypass (the same check includes some additional checks for GlassFish)

Updates

  • Updated Firefox plugin to support Firefox 5

Bug Fix

  • Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values.

v7.0.20110711 - 17 Jul 2011

Build v7.0.20110711 - 17th July 2011

New Feature

  • Included IMAGE tag with source in crawler for more detailed crawling data.

Improvements

  • Improved Cross-site scripting checks.
  • Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.

Bug Fixes

  • Fixed crash in Login Sequence Recorder when accessing specific sites with frames.
  • Fixed an Access Violation in the Fuzzer when the XML file type is selected and an invalid filename is set.
  • Fixed an issue when authenticating against websites using Digest and NTLM.
  • Fixed a file browser crash when viewing a file during scanning.
  • Fixed a crash when loading saved scans from specific websites.
  • Corrected interpretation of HTML encoding in the Crawler.
  • Fixed an Access Violation in the Fuzzer.

v7.0.20110518 - 18 May 2011

Build v7.0.20110518 - 18th May 2011

Bug Fixes

  • Fixed an issue where the AcuSensor Technology files were updated incorrectly.
  • Fixed an Access Violation when a scan is stopped.
  • Fixed incorrect user interface behaviour.

v7.0.20110406 - 06 Apr 2011

Build v7.0.20110406 - 6th April 2011

New feature

  • AcuSensor details are now exported in the report as well.

Bug Fixes

  • Fixed a bug in the cross-domain check script.
  • Fixed 2 crashes in the scanner software.
  • Fixed a bug in the DOM XSS security check.

v7.0.20110308 - 08 Mar 2011

Build v7.0.20110308 - 8th March 2011

New features

  • Acunetix WVS now parses the file structure of SVN repositories and crawls it automatically

New security checks

  • ClientAccessPolicy.xml and CrossDomain.xml security checks
  • Git repository security checks
  • Check if the .htaccess file is readable
  • Nginx PHP Code Execution via FastCGI
  • Nginx buffer underflow vulnerability
  • Nginx PHP FastCGI Code Execution via File Upload

Bug fixes

  • The maximum directory depth value was not working properly
  • HTTP limitations were not respected by scripts
  • When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain
  • Properly handle situations where a file redirects to itself from HTTP to HTTPS