Acunetix Standard & Premium

Improvements

• Better cookies handling in several modules
• Implemented exception handler in Login Sequence Recorder

Bug Fixes

• Handled issue when non-responsive hosts triggered download dialog

New Features

• 
  

  File upload forms vulnerability checks

• New Login Sequence Recorder; supports much more authentication forms and web technologies
• Session Auto Recognition module; if the session is invalidated or logged out during crawling, the scanner will automatically replay the login sequence without the need of manual intervention
• Actions drop down menu; for each selected node, the actions drop down menu is activated showing all possible functions
• Much more checks and alerts for JSP, Java and Tomcat web server

Major Improvements

• Improved cookie management and session handling to support modern dynamic websites
• Port scanner and Network Alerts results will appear in a separate node in the results tree
• Users can import Version 6 settings to Version 6.5
• Added blind SQL injection timing test using MySQL’s sleep and MS SQL’s waitfor function. This will help in discovering particular blind SQL injections that do not report a change on the page

General improvements

• Optimized large portions of the code to improve speed
• Optimized Progress text for scripts and port scan
• Show progress on ScanInfo frame

Bug Fixes

• Module tm_backup_files – can make tests like {filename}{test}{extension} (e.g. file1.php from file.php)
• Crawler was not sending the custom cookies for the first request reporter crash on settings read (only try/except)
• Fixed crash in “import scan results to database” when the scan was running
• SSL certificate validity year fix
• Fixed a bug in parameter manipulation. Crashing when Combination was nil (no values)
• Error in interpreting redirections of type “?getvar=value”
• Fixed jsessionid session fixation test
• Fixed Activation in v6 for Windows Vista.
• Fixed a problem with Authentication Tester (the app was not recovering when an invalid protocol was specified as target) – Reported by Harutyun Sardaryan
• Fixed a crash in HTTP Fuzzer – Reported by Harutyun Sardaryan
• Fix in Blind SQL Injector: On UNION SELECT based string extraction when httpencoding is applied the last char was eaten

• Huge improvement in memory handling – Memory handling is now done in a much more efficient way and temporary data is now stored by default onto the hard drive freeing up a LOT of system memory especially when dealing with large websites.
• Introduced pre-conditions to various vulnerability tests – this will check if vulns can actually exist in a certain environment before starting to test for then – thus avoiding checking for vulnerabilities in vain and at the same time speeding up the scanning time.
• Summary view for alert nodes – avoids long delays in displaying all alerts under a node
• Added “Current Test” information to the scan information view
• Improvements in HTTP Fuzzer
• Fixed JavaScript issue with parsing certain websites
• Fixed validation when saving login sequence file
• Fixed crash with error “sitefile parts already loaded”
• Fixed Web Services Scan Wizard detection of Inputs for particular WSDL URLs
• Fixed Web Services Scaner crash when clicking on some elements of the tree structure