Acunetix Standard & Premium

RSS Feed

v6.5.20090917 - 17 Sep 2009

Build v6.5.20090917 - 17th September 2009


  • Added two new blind SQL injection tests
  • Added a new scanning profile for stored XSS only
  • Added HTTP verb tempering using POST method check


  • Improved appearance for compliance report by adding visual markets and several other presentation enhancements

Bug Fixes

  • Fixed temporary files access issue
  • Fixed issue where HTTP Proxy was dublicating the connection: keep-alive header
  • Fixed issue where HTTP Proxy was putting the authorization header from fake basic authentication into server request
  • Fixed a problem where credentials configured through command line where not working properly in particular situations

v6.5.20090813 - 13 Aug 2009

Build v6.5.20090813 - 13th August 2009


  • HTML forms settings node was renamed to Input Fields. This node now can also be used to pre-define web services operations values.
  • New SQL Injection tests added
  • New XSS tests (unicode) added

v6.5.20090728 - 28 Jul 2009

Build v6.5.20090728 - 28th July 2009

New Features

  • Manual Intervention module: better support for CAPTCHA and modern authentication mechanisms


  • Added new variants of blind SQL injection tests (now testing both AND and OR boolean operators)
  • Added new tests for SQL Injection with charset GBK/Big5
  • Added new variants for Cross site scripting

Bug Fixes

  • Fixed several issues with CSA (Client Script Analyzer) engine.

v6.5.20090622 - 22 Jun 2009

Build v6.5.20090622 - 22nd June 2009


  • Better cookies handling in several modules
  • Implemented exception handler in Login Sequence Recorder

Bug Fixes

  • Handled issue when non-responsive hosts triggered download dialog

v6.5.20090618 - 18 Jun 2009

Build v6.5.20090618 - 18th June 2009

New Features

  • Implemented Blind SQL Injection (timing) for web services scanner
  • Implemented HTTP authentication for web services scanner

Bug Fixes

  • Fixed problem related to File Inclusion in AcuSensor Technology
  • Fixed a problem in ssl_ping network script

v6.5.20090519 - 20 May 2009

Build v6.5.20090519 - 20th May 2009 - NEW VERSION

New Features

  • File upload forms vulnerability checks

  • New Login Sequence Recorder; supports much more authentication forms and web technologies
  • Session Auto Recognition module; if the session is invalidated or logged out during crawling, the scanner will automatically replay the login sequence without the need of manual intervention
  • Actions drop down menu; for each selected node, the actions drop down menu is activated showing all possible functions
  • Much more checks and alerts for JSP, Java and Tomcat web server

Major Improvements

  • Improved cookie management and session handling to support modern dynamic websites
  • Port scanner and Network Alerts results will appear in a separate node in the results tree
  • Users can import Version 6 settings to Version 6.5
  • Added blind SQL injection timing test using MySQL’s sleep and MS SQL’s waitfor function. This will help in discovering particular blind SQL injections that do not report a change on the page

v6.1.20090211 - 11 Feb 2009

Build v6.1.20090211 - 11th February 2009

General improvements

  • CSA engine now supposrts jQuery and Yahoo! UI JavaScripts libraries
  • Added component in scanner to search for links in HTML comments and Flash (SWF) strings
  • Created an ASL.1 parser which can parse X509 Certificates
  • Improved Crawler; improved Wivet coverage to 94%
  • Added more JBoss configuration tests
  • Added more Tomcat tests
  • Added more web server configuration checks for server path, internal IP and username/password disclosure
  • Improved RSS/Atom parses
  • Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix

Bug Fixes

  • Reporter now filters very long knowledge base items
  • Fixed SSL3, TLS1 parsing issues
  • Fix in Crawler to handle better query variable in start URL’s

v6.0.20081209 - 09 Dec 2008

Build v6.0.20081209 - 9th December 2008

General improvements

  • Optimized large portions of the code to improve speed
  • Optimized Progress text for scripts and port scan
  • Show progress on ScanInfo frame

Bug Fixes

  • Module tm_backup_files – can make tests like {filename}{test}{extension} (e.g. file1.php from file.php)
  • Crawler was not sending the custom cookies for the first request reporter crash on settings read (only try/except)
  • Fixed crash in “import scan results to database” when the scan was running
  • SSL certificate validity year fix
  • Fixed a bug in parameter manipulation. Crashing when Combination was nil (no values)
  • Error in interpreting redirections of type “?getvar=value”
  • Fixed jsessionid session fixation test
  • Fixed Activation in v6 for Windows Vista.
  • Fixed a problem with Authentication Tester (the app was not recovering when an invalid protocol was specified as target) – Reported by Harutyun Sardaryan
  • Fixed a crash in HTTP Fuzzer – Reported by Harutyun Sardaryan
  • Fix in Blind SQL Injector: On UNION SELECT based string extraction when httpencoding is applied the last char was eaten

v6.0.20081028 - 28 Oct 2008

Build v6.0.20081028 - 28th October 2008 - NEW VERSION

New tools / Applications

  • AcuSensor Technology
  • Port Scanner and Network Alerts tool
  • Blind SQL Injector Tool

General improvements

  • Pause and Resume scan functionality
  • Option to mark an alert as false positive
  • Support for NTLM v2
  • Scanner can now gather a list of uncommon HTTP responses
  • Scanner can automatically stop if a number of network errors occure or web server does not respond.

User Interface improvements

  • Compare results tool now compares also Knowledge Base items and list of open web server ports
  • Possibility to quickly locate a vulnerability by using a filter while before only search was allowed
  • In Scanning profiles and Vulnerability Edior vulnerabilities are automatically sorted by name
  • In HTTP Fuzzer results can be sorted by clicking on header columns and changes in Fuzzer filters are automatically reflected in results window

Scheduler improvements

  • All scanning options are now available in scheduler
  • Option to configure the day of the week or month for a scheduled scan
  • Option to configure scan exclusion hours, i.e. when an ongoing scan should be paused and resumed
1 21 22 23