The new release of Acunetix Web Vulnerability Scanner version 8 – build 20130308– includes a number of new security tests, most of which are product-specific, as well as various improvements in Cross-Site Scripting (XSS) checks and various bug fixes in the scan scheduler.
• Added a test for Kayako Fusion v4.51.1891 – Multiple Web Vulnerabilities
• Added various tests for Apache Tomcat
• Added a test for CKEditor 4.0.1 Cross-Site Scripting vulnerability
• Added a test for Moveable Type 4.x Unauthenticated Remote Command Execution
• Implemented detection of Virtual Hosts on the target server
• Implemented jQuery 1.9 support
• Added a test for subversion 1.7 (.svn) repositories
• Added a test for Parallels Plesk SQL Injection Vulnerability (CVE-2012-1557).
• Implemented some tests looking for various Unicode transformation issues such as Best-Fit Mappings, Overlong byte sequences and Ill-Formed Sub-sequences
• Added header input schemes for folders
• Added identification of file names in input scheme parameter values. Any file names detected are subsequently crawled
• Various improvements to XSS tests
• Improved Possible_Sensitive_Directories script
• Improved jQuery attr() support
• Improved Virtual Host Directory Listing test
• The report of 404 – Page Not Found now instructs users to checks the Referrers tab for a list of pages linking to the broken link
• Fixed a crash that occurs infrequently when configuring a scheduled scan
• Fixed various minor issues in the scan scheduler
How to Upgrade
When you start Acunetix WVS 8, you will be notified that a new build is available to download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
Find out more about the Acunetix Web Vulnerability Scanner here.