Acunetix 360 On-Demand Changelog

Acunetix 360 On-Demand Update – 7th June 2021

FEATURE

• Added support for creating Teams and Roles.
• Added SCIM 2.0 API support for improved SSO integration which supports user and group synchronization with popular Identity Providers.

IMPROVEMENTS

• Improved access control by introducing new more granular permissions
• Improved role assignment for website groups while inviting new members.

---

Acunetix 360 On-Demand Update – 20th May 2021

FEATURE

• Added Authentication Profiles feature to be able to define shared authentication once and utilize them on many scans without explicitly configuring Form Authentication for websites utilizing the same authentication procedure.

IMPROVEMENTS

• The Category selection for ServiceNow integration is made editable.
• Added support for importing links from multiple RAML files from a ZIP file (include directive support).
• Improved Azure AD Single Sign-On in-app help text.
• Removed the Current Password field for admin users (logged in with SSO) while editing a member.
• Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.

FIXES

• Fixed an error that occurs while trying to mark an issue as false positive.
• Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles.
• Fixed an issue where a deleted issue tracker integration was still keeping the old issues IDs referenced.
• [INTERNAL AGENT] Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running.

---

Acunetix 360 On-Demand Update – 11th May 2021

This update includes changes to Internal Agents.

FIX

• [INTERNAL AGENT] Fixed an unhandled ArgumentNullException which causes some authenticated scans to fail.

---

Acunetix 360 On-Demand Update – 28th April 2021

This update includes changes to Internal Agents.

IMPROVEMENT

• Added an option to specify a scan profile while scheduling scans through API.
• Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
• Added support for 11 digit phone numbers while inviting a new member.
• Added an option to ServiceNow integration to specify if the incident should be set to Closed when the vulnerability is fixed.
• Added a field to specify the user’s SSO email address while creating a new team member using the API.
• [INTERNAL AGENT] Added IgnoreSslCertificateErrors option to Docker agent.

FIXES

• Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail.
• Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification.
• Fixed a mismatching type issue on /scanprofiles/list API response model.
• Fixed an issue where a failed scan sends an excessive amount of email notifications.
• Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed.
• [INTERNAL AGENT] Fixed agent auto-update issues.

---

Acunetix 360 On-Demand Update – 19th April 2021

This update includes changes to Internal Agents.

FEATURE

• Added GitHub Actions CI/CD integration.
• Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.

IMPROVEMENT

• Improved time zone calculations to handle new time zones.
• Improved configuration validation error messages for Privileged Access Management integrations.

FIXES

• Fixed validation error messages on the Email Settings page.
• Fixed some of the swagger API validation errors reported for the REST API.
• [INTERNAL AGENT] Fixed an agent scan stuck issue while archiving.
• [INTERNAL AGENT] Fixed a retest problem where some issues could not be retested.
• [INTERNAL AGENT] Fixed an agent auto-update issue.

---

Acunetix 360 On-Demand Update – 8th April 2021

This update includes changes to Internal Agents.

FEATURE

• Added Authentication Verifier for Internal Agents.
• Added State filter to notifications which you can use issue states like Fixed, Revived, New, etc. as filtering options.

IMPROVEMENT

• Removed the scan report selection from notification events that do not produce any reports.
• Added account-based option to display authentication credentials on API responses.

FIXES

• Fixed an issue where the Launch button does not get enabled on the New Scan page after you enable the IAST scanning and download the sensor files.
• Fixed an issue where a notification that is sent to an external email address was not displayed on the audit logs.
• Fixed an issue where starting a PCI scan via using API could not start the scan.
• Fixed an issue where a new notification created via API does not add the specified integration(s) to the new notification.
• Fixed an issue where a team member was not created in API if the auto-generated password is enabled.
• [INTERNAL AGENT] Fixed an issue where the custom value of FormAuthPageLoadTimeout was being overridden by its default value.

---

Acunetix 360 On-Demand Update – 30th March 2021

This update includes changes to Internal Agents.

FEATURE

• Added extension for Azure DevOps Pipelines.

IMPROVEMENT

• Improved the error messages returned from the notification API endpoint.

FIXES

• Fixed missing nodes on the sitemap tree.
• Fixed an issue where links imported from a Burp file are incorrectly parsed as HTTP, not HTTPS.
• [INTERNAL AGENT] Fixed an issue where an HSTS issue keeps reviving when the website is scanned again.
• [INTERNAL AGENT] Fixed a scan failed issue that occurs during archiving scan files.
• [INTERNAL AGENT] Fixed an issue where WSDL importing fails while trying to locate the external schema.
• [INTERNAL AGENT] Fixed an InvalidOperationException.

---

Acunetix 360 On-Demand Update – 24th March 2021

This update includes changes to Internal Agents.

FEATURE

• Introduced tagging support for Issues.

IMPROVEMENT

• Added options to specify Is Confirmed and Severity values while failing Jenkins builds.
• [INTERNAL AGENT] Added auto-update support for Linux agents.
• [INTERNAL AGENT] Added support for TLS 1.3 protocol.
• [INTERNAL AGENT] Updated Debian docker image to version 10.8.

FIXES

• Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Netsparker Standard.
• Fixed missing classification editors on report policy editor for recently added classification types.
• [INTERNAL AGENT] Fixed an issue that causes the scan to stuck while trying to capture the website thumbnail image.

---

Acunetix 360 On-Demand Update – 17th March 2021

This update includes changes to Internal Agents.

IMPROVEMENT

• Improved the load times of the global dashboard page.
• [INTERNAL AGENT] Added a port configuration option for the agent helper service.

FIXES

• Fixed an issue on /teammembers/new API endpoint where minimum password length requirement is enforced incorrectly for admin users.
• Fixed a UI glitch where the Fixed Issues widget on the global dashboard page is clipped.
• Fixed a user enumeration issue that exists for users where SSO is enforced.
• Fixed an issue where updates to Custom Cookies input on Scan Profiles do not persist.
• Fixed an issue where the Next button on Welcome Wizard is not enabled even if you select Website Groups as indicated.
• Fixed the incorrect input label names on the HashiCorp Vault settings dialog.
• [INTERNAL AGENT] Fixed an issue where stuck scans do not honor the Maximum Scan Duration setting.
• [INTERNAL AGENT] Fixed an issue where an agent was creating temp files on C: drive even though it is installed in D: drive.

---

Acunetix 360 On-Demand Update – 12th March 2021

This update includes changes to Internal Agents.

FEATURES

• Custom Security Checks via Scripting feature that allows extending vulnerability detection capabilities. (Needs to be enabled per account basis)

IMPROVEMENTS

• [INTERNAL AGENT] Improved agents to reduce the number of IOPS performed.

---

Acunetix 360 On-Demand Update – 4th March 2021

This update includes changes to Internal Agents.

IMPROVEMENTS

• Prevented deletion of system notifications.
• Forced Browsing wordlist made editable.
• Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length.

FIXES

• Fixed /notifications/ update API endpoint which was not updating recipient emails before.
• Fixed a Scan Policy Optimizer issue where the Resource Finder settings are not captured when the selection tree is collapsed.
• Fixed an issue where the Custom Script cannot be created when 3-Legged Authentication is selected while configuring OAuth2.
• Fixed an issue where the ISO Compliance report cannot be exported for some of the scans.
• [INTERNAL AGENT] Fixed runtime exceptions thrown on systems that are missing ClamAV.

---

Acunetix 360 On-Demand Update – 26th February 2021

This update includes changes to Internal Agents.

NEW FEATURES

• Added IAST Scanning capabilities.
• Added CyberArk Vault Privileged Access Management integration.

IMPROVEMENTS

• HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration.
• Added search capability to the Website Group selection drop-down on the global dashboard page.
• Added the API endpoint option to create users that can only log in using Single Sign-On.
• Added the last login date information to the team member API endpoint.
• [INTERNAL AGENT] Added “Detect authentication tokens” capability for authenticated scans.

FIXES

• Fixed an issue where the category selection widget was clipped on the Service Now integration configuration page.
• Fixed a reporting issue where addressed issues were included on reports generated with the Exclude Addressed Issues option.
• Fixed an issue where a Scan Policy used on a Scheduled Scan cannot be deleted.
• Fixed an issue where the Single Sign-On only users were not able to access their API tokens.
• [INTERNAL AGENT] Fixed an issue that occurs while creating the custom report policy on Linux environments.

---

Acunetix 360 On-Demand Update – 9th February 2021

IMPROVEMENTS

• Added Scan Profile Name column to Recent Scans page.
• Added Website URL as a filter field to Scheduled Scans page.
• Removed encrypted authentication credentials from API responses.

FIXES

• Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard.
• Fixed an issue where pressing the TAB key was not committing the entered email address on email input fields.
• Fixed an issue where some settings are not saved when you save a cloned Scan Policy for the first time.
• Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under Scan Permission are not saved while creating new members.
• Fixed an issue where the modified Scan Profile settings are not saved when another profile is selected from the dropdown.

---

Acunetix 360 On-Demand Update – 27th January 2021

IMPROVEMENTS

• Improved an agent auto-update procedure to support updates for minor version changes.
• All credential information on API responses is encrypted.
• Prevented agent log file names to be renamed by the browser according to the user’s regional settings.

FIXES

• Fixed an issue where the scan and report policies are not preserved while scheduling group scans.
• Fixed several issues on the sitemap tree and improved the performance.
• Fixed a hanging scan issue that occurs while the scan state is changing.
• Fixed an issue where setting an already deleted scan profile name to a new scan profile gives an error.
• Fixed the incorrect VDB version displayed on the agent.
• Fixed an issue where Download Scan Data and Download HttpRequest Logs were not working previously.
• Fixed an issue where an agent was not using the correct proxy settings while communicating with the web app.

---

Acunetix 360 On-Demand Update – 19th January 2021

IMPROVEMENTS

• Added grouping support for agents.
• Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page.
• Added websitesgroups/delete/{id} API endpoint.
• Improved the performance of the technology dashboard.
• Fixed the absolute start date of scheduled scans as a tooltip to relative dates.

FIXES

• Fixed several scan stuck issues.
• Fixed an issue where the scan is stuck when it is paused and tried to be deleted.
• Fixed an issue an incorrect email address could be entered as a notification recipient.
• Fixed an issue where the New Scan page stuck at loading when you switch back and forth between scan profiles.
• Fixed the unspecified format of the NameID SAML2 attribute by setting it to emailAddress.

---

Acunetix 360 On-Demand Update – 13th January 2021

IMPROVEMENTS

• Added support for provisioning users without invitation requirement if the user is going to log in using SSO.
• Added support for setting external email recipients for notifications for all the event types.
• Added SANS Top 25 Report as export.
• Updated PCI Compliance Report to match the new style of the reports.
• Added Scan Profile name to Detailed Scan Report and several other compliance reports.

FIXES

• Fixed an issue where the scan files fail to archive to S3 storage and pile up on the agent machine.
• Fixed an issue where an Internal Server Error occurs while trying to start or schedule a new scan.

---

Acunetix 360 On-Demand Update – 22nd December 2020

IMPROVEMENTS

• Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface. 
• Improved the performance of Technologies pages

FIXES

• Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced
• Fixed a typo on the Bugzilla integration configuration page
• Fixed the misleading error messages received when /websitegroups/update API endpoint is called with a missing or invalid “Id” values
• Fixed a UTF8 encoding issue

---

Acunetix 360 On-Demand Update – 12th December 2020

IMPROVEMENTS

• Added an option to fail the build for Azure Pipelines Integration
• Added the Description field for Websites and Website Groups

FIXES

• Fixed an issue where some paused scans stuck and were not be able to resume
• Fixed an issue where the incremental scan fails for a scan with form authentication configuration
• Fixed an internal agent issue where the agent was not able to start as a service 
• Removed the redundant Domain field requirement on Proxy settings of a Scan Policy

---

Acunetix 360 On-Demand Update – 8th December 2020

FIXES

• Fixed an issue where some Client Certificates might not work properly for authentication 
• Fixed an issue where scans might get stuck in the Pausing state