Build v6.1.20090211 – 11th February 2009

General improvements

  • CSA engine now supposrts jQuery and Yahoo! UI JavaScripts libraries
  • Added component in scanner to search for links in HTML comments and Flash (SWF) strings
  • Created an ASL.1 parser which can parse X509 Certificates
  • Improved Crawler; improved Wivet coverage to 94%
  • Added more JBoss configuration tests
  • Added more Tomcat tests
  • Added more web server configuration checks for server path, internal IP and username/password disclosure
  • Improved RSS/Atom parses
  • Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix

Bug Fixes

  • Reporter now filters very long knowledge base items
  • Fixed SSL3, TLS1 parsing issues
  • Fix in Crawler to handle better query variable in start URL’s

Build v6.0.20081209 – 9th December 2008

General improvements

  • Optimized large portions of the code to improve speed
  • Optimized Progress text for scripts and port scan
  • Show progress on ScanInfo frame

Bug Fixes

  • Module tm_backup_files – can make tests like {filename}{test}{extension} (e.g. file1.php from file.php)
  • Crawler was not sending the custom cookies for the first request reporter crash on settings read (only try/except)
  • Fixed crash in “import scan results to database” when the scan was running
  • SSL certificate validity year fix
  • Fixed a bug in parameter manipulation. Crashing when Combination was nil (no values)
  • Error in interpreting redirections of type “?getvar=value”
  • Fixed jsessionid session fixation test
  • Fixed Activation in v6 for Windows Vista.
  • Fixed a problem with Authentication Tester (the app was not recovering when an invalid protocol was specified as target) – Reported by Harutyun Sardaryan
  • Fixed a crash in HTTP Fuzzer – Reported by Harutyun Sardaryan
  • Fix in Blind SQL Injector: On UNION SELECT based string extraction when httpencoding is applied the last char was eaten

Build v6.0.20081028 – 28th October 2008 – NEW VERSION

New tools / Applications

  • AcuSensor Technology
  • Port Scanner and Network Alerts tool
  • Blind SQL Injector Tool

General improvements

  • Pause and Resume scan functionality
  • Option to mark an alert as false positive
  • Support for NTLM v2
  • Scanner can now gather a list of uncommon HTTP responses
  • Scanner can automatically stop if a number of network errors occure or web server does not respond.

User Interface improvements

  • Compare results tool now compares also Knowledge Base items and list of open web server ports
  • Possibility to quickly locate a vulnerability by using a filter while before only search was allowed
  • In Scanning profiles and Vulnerability Edior vulnerabilities are automatically sorted by name
  • In HTTP Fuzzer results can be sorted by clicking on header columns and changes in Fuzzer filters are automatically reflected in results window

Scheduler improvements

  • All scanning options are now available in scheduler
  • Option to configure the day of the week or month for a scheduled scan
  • Option to configure scan exclusion hours, i.e. when an ongoing scan should be paused and resumed