Acunetix 360 On-Demand

New feature

• Introduced Global Client Certificates: Admins can now add client certificates to the Global Certificate section and apply them directly to Scan Profiles

Improvements

• Added “Export to CSV” functionality to several pages, including Scan Policies, Report Policies, Scan Profiles, Scheduled Scans, and Website Groups
• Updated GitHub Actions to their latest stable versions to take advantage of new features and performance improvements

Resolved issues

• Resolved an issue where clicking “Toggle Content” did not display the list of Imported Links on scan profiles
• Resolved an issue with parsing JIRA Custom Complex Fields in JSON
• Addressed SSL errors in certificate-based environments by adding support for the IgnoreSslCertificateErrors parameter
• Corrected an issue where NTLM “Test Credentials” incorrectly passed using default credentials; invalid credentials now fail as expected
• Resolved issues with previously problematic Report Policies

Improvements

• The character limit for the New Target/Target Group > Description field has been increased from 255 to 1000 characters. This change has also been implemented on the API side
• The character limit for the Scan Profile > Comments field has been increased from 500 to 1000 characters. This change has also been implemented on the API side
• Starting September 1, 2025, HTTP Request/Response data for vulnerabilities older than 180 days will be removed (except for the most recent occurrence). Read more

Resolved issues

• Other users are prevented from editing the Primary User’s account
• Fixed filtering Mend SAST results for Critical and High priority vulnerabilities
• Added file size control message for imported link or API definitions files
• Fixed Tag IDs field in Asana integration

Improvements

• Improved visibility and transparency of customer impersonation scenarios initiated by the Support Team
• Extended the Notifications (New & Update) REST API endpoints to include report configuration options, allowing finer control over alerting workflows
• Improved stability by identifying and notifying users about misconfigured Jira webhooks causing excessive and unrelated requests to the scanner
• Added tag-based filtering support to the Scheduled Scans page. Users can now filter scheduled scans by tags
• Adding Imported Links via API now generates URL Rewrite Rules automatically

Resolved issues

• Fixed false-positive reporting for Web Cache Deception vulnerability
• Implemented immutable logs for deleted users to ensure audit integrity and traceability even after user removal
• Fixed an issue where scripts defined on the Custom Script page could not be executed for testing purposes
• Resolved an issue where SSL certificate chain errors blocked UI or auto-update of Internal Verifier Agents on Linux

Security checks

• Added a new CVE check for CVE-2019-19326
• Added a new XSS attack for CVE-2024-11831

Improvements

• Improved prototype-pollution detection to reduce noise
• Improved XSS detection to reduce noise
• Increased the timeout duration for IAST responses to prevent premature failures
• Updated dependencies with known vulnerabilities
• Implemented an enhancement to capture the token information present in the response during the OAuth2 Implicit Flow
• Implemented an enhancement to enable more effective cookie management when HTTP/2 is enabled
• Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.474
• When user roles changes details are now available on Activity Logs
• Jenkins Plugin: Corrected misleading UI validation for the “Report Type” parameter within the “Netsparker Enterprise Scan” build step. The field no longer incorrectly appears as required, clarifying its optional nature
• LDAP Integration: Permanently enabled LDAP integration for on-premise WebApp installations by removing its associated feature flag. LDAP functionality is now available by default
• Shark (IAST) versions upgraded
• Agent and Verifier download names now come in a specific format
• Added new columns while exporting with All Attributes CSV

API changes

• Addresses discrepancies in global vulnerability counts between scan tasks and website issues

Resolved issues

• Corrected the MOVEit SQLi check to avoid reporting an incorrect version
• Enhanced support for using multiple secrets simultaneously within a single custom header
• Resolved an issue where duplicate X-Content-Type-Options headers triggered false missing header reports
• Addressed an issue encountered during report policy migration
• File Uploads: Added support for additional ZIP MIME types to resolve upload issues from some operating systems
• Fixed broken link issue
• Fixed integration duplication issue on Notification UI
• Fixed an issue where starting a new scan after a failed PCI scan could cause the PCI scan status to remain stuck in the “Stopping” state

New feature

• Added Post-Request script feature (Read more)
• Integrated AI Assist Bot into Acunetix 360 On-Demand
  

New security checks

• Added a new XSS Security check

Improvements

• Updated workflows to improve reliability and security while maintaining alignment with GitHub’s best practices
• Addressed multiple versions of GitHub Actions available in the marketplace
• Added new REST API endpoint (agents/listverifiers) to retrieve AV agents data
• Restricted the Vulnerability Note field to 1000 characters

Resolved issues

• Resolved an issue causing scans to get stuck during archiving
• Resolved discrepancy between API (listByWebsite) and UI (Recent Scans) results
• Fixed an issue with verifying the existence of links in the link pool
• Improved incremental scanning
• Implemented logic to create the UserDocumentsDirectoryPath when it doesn’t already exist
• Added support for defining headers and HTTP method during CSV import