Changelogs

Acunetix Standard & Premium

RSS Feed

v6.5.20091012 - 12 Oct 2009

Copy Link Copy Link
Build v6.5.20091012 -12th October 2009

Bug Fixes

  • Fixed: Memory leak when invoking state change handler
  • Fixed: Item index for an item which has just been inserted fails in the Browserframe
  • Fixed: Error in indexing the get variables when redirecting in Session management

v6.5.20091005 - 05 Oct 2009

Copy Link Copy Link
Build v6.5.20091005 - 5th October 2009

New

  • Added a new check for SVN repositories

Improvements

  • Improved MultiRequest paramenter manipulation; now using the form matcher to match parameter values
  • Improved SQL injection tests
  • Improved Application error tests

Bug Fixes

  • Fixed: Links from HTML comments and other sources that are not trusted where not checked if they are from the same host as the base
  • Fixed: Login sequence not working properly with HTTP authentication
  • Fixed: MessageDlg was used in inittempfiles in console mode
  • Fixed: WinInet bug to resent the request if the server accepts client certificates
  • Fixed: Redirect from index.php to index.php was not working

v6.5.20090917 - 17 Sep 2009

Copy Link Copy Link
Build v6.5.20090917 - 17th September 2009

New

  • Added two new blind SQL injection tests
  • Added a new scanning profile for stored XSS only
  • Added HTTP verb tempering using POST method check

Improvements

  • Improved appearance for compliance report by adding visual markets and several other presentation enhancements

Bug Fixes

  • Fixed temporary files access issue
  • Fixed issue where HTTP Proxy was dublicating the connection: keep-alive header
  • Fixed issue where HTTP Proxy was putting the authorization header from fake basic authentication into server request
  • Fixed a problem where credentials configured through command line where not working properly in particular situations

v6.5.20090813 - 13 Aug 2009

Copy Link Copy Link
Build v6.5.20090813 - 13th August 2009

Improvements

  • HTML forms settings node was renamed to Input Fields. This node now can also be used to pre-define web services operations values.
  • New SQL Injection tests added
  • New XSS tests (unicode) added

v6.5.20090728 - 28 Jul 2009

Copy Link Copy Link
Build v6.5.20090728 - 28th July 2009

New Features

  • Manual Intervention module: better support for CAPTCHA and modern authentication mechanisms

Improvements:

  • Added new variants of blind SQL injection tests (now testing both AND and OR boolean operators)
  • Added new tests for SQL Injection with charset GBK/Big5
  • Added new variants for Cross site scripting

Bug Fixes

  • Fixed several issues with CSA (Client Script Analyzer) engine.

v6.5.20090622 - 22 Jun 2009

Copy Link Copy Link
Build v6.5.20090622 - 22nd June 2009

Improvements

  • Better cookies handling in several modules
  • Implemented exception handler in Login Sequence Recorder

Bug Fixes

  • Handled issue when non-responsive hosts triggered download dialog

v6.5.20090618 - 18 Jun 2009

Copy Link Copy Link
Build v6.5.20090618 - 18th June 2009

New Features

  • Implemented Blind SQL Injection (timing) for web services scanner
  • Implemented HTTP authentication for web services scanner

Bug Fixes

  • Fixed problem related to File Inclusion in AcuSensor Technology
  • Fixed a problem in ssl_ping network script

v6.5.20090519 - 20 May 2009

Copy Link Copy Link
Build v6.5.20090519 - 20th May 2009 - NEW VERSION

New Features


  • File upload forms vulnerability checks

  • New Login Sequence Recorder; supports much more authentication forms and web technologies
  • Session Auto Recognition module; if the session is invalidated or logged out during crawling, the scanner will automatically replay the login sequence without the need of manual intervention
  • Actions drop down menu; for each selected node, the actions drop down menu is activated showing all possible functions
  • Much more checks and alerts for JSP, Java and Tomcat web server

Major Improvements

  • Improved cookie management and session handling to support modern dynamic websites
  • Port scanner and Network Alerts results will appear in a separate node in the results tree
  • Users can import Version 6 settings to Version 6.5
  • Added blind SQL injection timing test using MySQL’s sleep and MS SQL’s waitfor function. This will help in discovering particular blind SQL injections that do not report a change on the page

v6.1.20090211 - 11 Feb 2009

Copy Link Copy Link
Build v6.1.20090211 - 11th February 2009

General improvements

  • CSA engine now supposrts jQuery and Yahoo! UI JavaScripts libraries
  • Added component in scanner to search for links in HTML comments and Flash (SWF) strings
  • Created an ASL.1 parser which can parse X509 Certificates
  • Improved Crawler; improved Wivet coverage to 94%
  • Added more JBoss configuration tests
  • Added more Tomcat tests
  • Added more web server configuration checks for server path, internal IP and username/password disclosure
  • Improved RSS/Atom parses
  • Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix

Bug Fixes

  • Reporter now filters very long knowledge base items
  • Fixed SSL3, TLS1 parsing issues
  • Fix in Crawler to handle better query variable in start URL’s
1 23 24 25