Added support for various JavaScript libraries in the Login Sequence Recorder and DeepScan
Bug Fixes
Virtual Host Audit check was not taking into consideration the Target Port and Scheme
Fixed DeepScan issue which caused infinite loop during auto-authentication for some web applications
Fixed issue in Login Sequence Recorder causing it not to load settings from the correct location
Version 11 (build 11.0.170941159) – 4th April 2017
Improvements
The IP address or hostname of the Acunetix machine can be specified during the installation. This information is used to generate the SSL certificates used for the UI. This is required to avoid SSL errors
Update to Login Sequence Recorder and DeepScan improving compatibility with modern web applications
Target information is shown in “Scan Done” UI notifications
Various minor updates to the UI
Scan email notifications now include links to the scan results. Report email notifications include links to the report
Multiple updates to the WordPress and Joomla vulnerability checks
Bug Fixes
Fixed false positives caused by the PHP AcuSensor
Fixed 2 privilege escalation issues reported privately to Acunetix
Fixed false positive in WAF detection
Fixed UI issue caused by certain characters in the Target Description field
Version 11 (build 11.0.170751531) – 16th March 2017
Updates
Check for Remote Code Execution (RCE) vulnerability in Apache Struts 2 (CVE-2017-5638)
Version 11 (build 11.0.170611402) – 3rd March 2017
Updates
Multiple updates to the WordPress and Joomla vulnerability checks
Fixes
Fixed issue caused by UTF-8 characters in the login sequence filename
Fixed issue with Target address validation
Version 11 (build 11.0.170540920) – 23rd February 2017
Updates
AcuMonitor registration setting is now remembered between license activations
Various updates to the WordPress and Joomla vulnerability checks
Acunetix now accepts .der, .p12 and .pfx file extensions for client certificates
Login Sequence Recorder (LSR) now better supports sites using ES6 features
Fixes
In certain situations, the auto-login details for a Target were not correctly stored, resulting in the login credentials not being used during a scan
Fixed issue with parsing of addresses
Fixed issue causing auto-updating of the product to not be done for some licenses. Affected customers will be notified by email.
Version 11 (build 11.0.170461052) – 15th February 2017
Updates
Creation of custom scanning profiles is possible from the Acunetix web UI.
Manual Intervention events can be configured as part of a Login Sequence for CAPTCHAs and two-factor authentication
Retesting of vulnerabilities discovered by Acunetix
The ability to disable AcuMonitor at license activation
Comparison report for two scans of the same Target
Reports are now available in both PDF and HTML
The site structure is now shown in a hierarchical tree view
Excluded hours, during which Acunetix will not perform any scans, can be configured per Target
Added information on weak SSL key ciphers
The Acunetix license activation allows the user to opt out of AcuMonitor registration
Various updates to the WordPress and Joomla vulnerability checks
Fixes
Notifications for vulnerabilities discovered by AcuMonitor now include a link taking the user to the vulnerability identified
Various bug fixes in the UI
Changed scan status message when scanned target is not responsive
Fix in Relative Path Overwrite vulnerability check
Various updates and fixes related to AcuMonitor
Improved URL validation
Version 11 (build 11.0.170341008) – 3rd February 2017