The main feature included in Acunetix Web Vulnerability Scanner version 8, build 20130619 is the new compliance report for the recently published OWASP Top 10 2013. In addition, the new build has also been updated to detect vulnerabilities in various web products and provides various other improvements such as reduction in false positives and other important bug fixes.
New Functionality
- Introduced a new compliance report for OWASP Top 10 2013
- Introduced detection of AngularJS template injections
- Added detection of Adobe ColdFusion critical vulnerability APSA13-03 (CVE-2013-3336)
- Added detection of nginx stack-based buffer overflow (CVE-2013-2028)
- Added detection of Horde/IMP Plesk Webmail Exploit
- Added detection of missing X-Frame-Options header (used to prevent Clickjacking attacks)
- Added a test checking for Basic Authentication over HTTP
- Added a test checking for Flask Debug Mode
- Added a test checking for Struts2/XWork Remote Code Execution
- Added detection of MediaWiki Chunked Uploads Security Check Bypass
- Added detection for Plupload XSS vulnerability (included in WordPress versions 3.5, 3.4.2, 3.4.1, 3.4, 3.3.3 and 3.3.2 and other applications)
Improvements
- Reduced false positives in XSS detection
- Improvements to Web Server Default Welcome Page script
- Reduced false positives reported by Blind SQL Injection
- Improvements in the detection of Sensitive Directories
- Added patterns for Python error messages and stack traces in the Text Search script.
Bug Fixes
- Fixed an issue in PHP AcuSensor
- In some situations, the Login Sequence Recorder misidentified connections to HTTPs sites when working through the Acunetix Web Vulnerability Scanner proxy
- Fixed crash in the crawler when external JavaScript files where processed from a site with AcuSensor enabled
- Fixed a false positive in Microsoft IIS Tilde Directory Enumeration
- Fixed issues where scheduled scans with recursion are not rescheduled if they cannot start because of scan restrictions
- Fixed a bug with Amazon S3 Public Buckets audit KB items being reported multiple times
How to Upgrade
When you start Acunetix WVS 8, you will be notified that a new build is available to download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.Download -
http://www.acunetix.com/vulnerability-scanner/download/
Source
0 comments:
Post a Comment