Acunetix Build History

Version 11 (build 11.0.171101535) – 20th April 2017

New Vulnerability Tests

Improvements

  • Improved Backup file checks
  • Various improvements to the WordPress checks
  • Added support for various JavaScript libraries in the Login Sequence Recorder and DeepScan

Bug Fixes

  • Virtual Host Audit check was not taking into consideration the Target Port and Scheme
  • Fixed DeepScan issue which caused an infinite loop during auto-authentication for some web applications
  • Fixed issue in Login Sequence Recorder causing it not to load settings from the correct location

Version 11 (build 11.0.170941159) – 4th April 2017

Improvements

  • The IP address or hostname of the Acunetix machine can be specified during the installation. This information is used to generate the SSL certificates used for the UI. This is required to avoid SSL errors
  • Update to Login Sequence Recorder and DeepScan improving compatibility with modern web applications
  • Target information is shown in “Scan Done” UI notifications
  • Various minor updates to the UI
  • Scan email notifications now include links to the scan results. Report email notifications include links to the report
  • Multiple updates to the WordPress and Joomla vulnerability checks

Bug Fixes

  • Fixed false positives caused by the PHP AcuSensor
  • Fixed 2 privilege escalation issues reported privately to Acunetix
  • Fixed false positive in WAF detection
  • Fixed UI issue caused by certain characters in the Target Description field

Version 11 (build 11.0.170751531) – 16th March 2017

Updates

  • Check for Remote Code Execution (RCE) vulnerability in Apache Struts 2 (CVE-2017-5638)

Version 11 (build 11.0.170611402) – 3rd March 2017

Updates

  • Multiple updates to the WordPress and Joomla vulnerability checks

Fixes

  • Fixed issue caused by UTF-8 characters in the login sequence filename
  • Fixed issue with Target address validation

Version 11 (build 11.0.170540920) – 23rd February 2017

Updates

  • AcuMonitor registration setting is now remembered between license activations
  • Various updates to the WordPress and Joomla vulnerability checks
  • Acunetix now accepts .der, .p12 and .pfx file extensions for client certificates
  • Login Sequence Recorder (LSR) now supports sites using ES6 features

Fixes

  • In certain situations, the auto-login details for a Target were not correctly stored, resulting in the login credentials not being used during a scan
  • Fixed issue with parsing of addresses
  • Fixed issue that prevented the product from auto-updating for some licenses. Affected customers will be notified by email.

Version 11 (build 11.0.170461052) – 15th February 2017

Updates

  • Creation of custom scanning profiles is possible from the Acunetix web UI.
  • Manual Intervention events can be configured as part of a Login Sequence for Captchas and two factor authentication
  • Retesting of vulnerabilities discovered by Acunetix
  • The ability to disable AcuMonitor at license activation
  • Comparison report for two scans of the same Target
  • Reports are now available in both PDF and HTML
  • The site structure is now shown in a hierarchical tree view
  • Excluded hours, during which Acunetix performs no scans, can be configured per Target
  • Added information on weak SSL key ciphers
  • The Acunetix license activation allows the user to opt out of AcuMonitor registration
  • Various updates to the WordPress and Joomla vulnerability checks

Fixes

  • Notifications for vulnerabilities discovered by AcuMonitor now include a link taking the user to the vulnerability identified
  • Various bug fixes in the UI
  • Changed scan status message when scanned target is not responsive
  • Fix in Relative Path Overwrite vulnerability check
  • Various updates and fixes related to AcuMonitor
  • Improved URL validation

Version 11 (build 11.0.170341008) – 3rd February 2017

New Vulnerability Test

Version 11 (build 11.0.163541031) – 19th December 2016

New Features

  • Acunetix Enterprise users can now generate their API key to be used for the Acunetix API (contact sales@acunetix.com for more information on the API)
  • Selenium IDE files are now supported as Import files in Acunetix v11
  • The Acunetix Login Sequence Recorder can now edit login sequence files.

New Vulnerability Tests

Improvements

  • The Acunetix UI will show a message when the license is not activated.
  • The Login Sequence Recorder will make use of the proxy settings configured for the Target.
  • Better handling of cookies.

Bug Fixes

  • Fixed reports generated for targets that have not been scanned
  • Fixed issue that allowed empty Import Files to be uploaded for a Target
  • Some information returned by AcuSensor was not reflected in the vulnerability details
  • Fixed false positive in the ASP.NET debug mode check
  • Various minor updates and fixes

Version 11 (build 11.0.163221044) – 17th November 2016

New Features

  • New web-based user interface
  • Targets are now stored in Acunetix with their individual settings, and can be easily re-scanned.
  • Targets can be classified by their Business Criticality
  • Reports are stored in the central interface
  • Users can choose between “Target reports”, “Scan reports” or “All vulnerabilities reports”
  • Role-based multi-user system, allowing users to be assigned the security scanning of specific targets.
  • All vulnerabilities for all the targets are now shown in one list which can be easily filtered.
  • Export vulnerabilities to F5 BIG-IP ASM and Fortinet FortiWeb Web Application Firewalls directly from within Acunetix
  • Acunetix now supports sending vulnerabilities to these issue trackers: GitHub, JIRA and Microsoft Team Foundation Service (TFS)
  • Documentation is now inbuilt into the new interface
  • New Dashboard, providing an instant overview of the security status of your assets.

Improvements