Acunetix Build History

Version 13 (build 13.0.200401171 – Windows and Linux) 2nd April 2020

New Vulnerability Checks

  • New WordPress plugin checks

Updates

  • Improved XXE check
  • Improved internal IP disclosure check
  • Vulnerabilities detected with 100% Confidence get a Verified stamp

Fixes

  • Fixed issue with response highlighting for SQL Injection alerts
  • Fixed AcuMonitor alert notifications not linking to scan
  • Fixed page not found UI issue when trying to generate a report from Reports page
  • Fixed issue with scanner looping when parsing specific long JSON responses

Version 13 (build 13.0.200326097 – Windows and Linux) 26th March 2020

New Features

  • Introduced support for processing of Swagger 2.0 files during scans
  • Introduced support for Swagger 2.0 files as import files
  • New Quarterly scheduled scan option

New Vulnerability Checks

Updates

  • Minor UI updates
  • Better reporting of scans interrupted due to network errors
  • Client Certificate address can now be configured for a Target
  • HTTP Authentication address can now be configured for a Target
  • Abort Scan after 25 network errors
  • Implemented Proof of Exploit for Blind SQL Injection vulnerabilities
  • Improved display of Scan Duration for long scans
  • Acunetix can be installed in custom paths
  • Email notifications can be configured for:
    • Product updates
    • Target notifications
    • Scan notifications
    • Report notifications
    • Monthly status updates

Fixes

  • Fixed: On Reports page, Target address shows as N/A for Targets that do not have a Description
  • Fixed issue uploading import files larger than 1mb
  • Fixed issue whereby some addresses were missing a character in the report
  • Fixed false positive in Possible server path disclosure
  • Fixed issue causing the scanner to not follow multiple redirects
  • Fixed 2 scanner crashes
  • Multiple fixes in WADL parser
  • Fixed: Case Sensitive Paths setting was sometimes not being taken into consideration
  • Fixed issue in Possible Sensitive Directories identifying incorrect locations
  • Fixed issue where users with expired passwords were not given the option to change their password

Version 13 (build 13.0.200205121 – Windows and Linux) 5th February 2020

New Features

  • New Acunetix web UI
  • Improved Network Scanner integration
  • Malware Detection using Windows Defender on Windows and ClamAV on Linux
  • Smart Scan
  • New scanning algorithm prioritises scanning tasks and reduces scanning time
  • Proof of exploit is reported in the vulnerability alerts
  • Incremental Scans
  • Vulnerability Confidence Rating for web vulnerabilities
  • New GitLab Issue Tracker Integration
  • New Bugzilla Issue Tracker Integration
  • New Mantis Issue Tracker Integration
  • Ability to create Login Sequence from Selenium script
  • New WADL import file
  • New ASP.NET Webforms import file
  • New Postman import file
  • New Paros import file
  • Ability to create custom checks
  • Highlighting of vulnerability in HTTP response
  • DeepScan provides better support for Angular 2, Vue and React JavaScript Frameworks
  • Unlimited network scanning for Acunetix Premium customers
  • Account Session Timeout settings
  • Account Maximum Consecutive Login Failure settings

New Vulnerability Checks

Updates

  • Improved memory consumption for the scanner
  • PDF reports now have page numbers
  • Generic User-agent will be used for communication with issue trackers
  • All lists in Acunetix UI can be sorted
  • Easier filtering options in the Acunetix UI
  • Settings can now be accessed from the side-bar
  • Links discovered by AcuSensor are given more prominence
  • Improved processing of XML and JSON POST input schemes
  • Scanner will try to replay the LSR playback actions a number of times before failing
  • Improved Auto-Login
  • Multiple updates in the Login Sequence Recorder
  • Developer report updated to include Source file, line number and other details provided by AcuSensor
  • Acunetix now supports scanning domains with international characters
  • Increase page size limit to 20Mb in scanner and LSR
  • Improved detection of Possible Sensitive Files
  • Improved detection of email addresses
  • Improved detection of Command Injection
  • Improved detection of database backup files
  • Improved detection of XXE

Fixes

  • Fixed issue in Developer report showing incorrect parameter name for detected vulnerabilities
  • Fixed: “Tester” user role will not be able to create reports
  • Fixed: Upgrades on Linux were not removing all files from previous installation
  • Fixed issue with Manual Intervention
  • Fixed: Session cookies were not always collected by LSR
  • Fixed: Incorrect processing of URLs with “{” character
  • Fixed a number of crashes in scanner
  • Fixed issue causing scanner proxy to unintentionally transform parts of the HTTP request
  • Fixed false positive in the detection of Apache Tomcat Remote Code Execution
  • Fixed issues causing some links not to be properly imported by the importer
  • Fixed issue with license activation when proxy and authentication are used
  • Fixed issue causing session to get lost when DeepScan is used