New Security Checks and Features Added to Acunetix Web Vulnerability Scanner
- Wednesday, June 13, 2012, 6:41
- Threat Research
We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build 20120613 offers a number of new security checks, new scanner functionality, improvements and bug fixes.
New Security Checks
New security checks for Microsoft SharePoint.
The Debug Parameters test checks whether common debug parameters, such as “?debug=1”, cause your web applications to disclose sensitive information.
New Cross-Site Scripting checks for Ruby on Rails / Homakov variants.
Security check for JetBrains .idea project directory.
ToolsPack backdoor verification.
Security check for Fantastico_Filelist information disclosure.
Tests for authentication bypass vulnerabilities in MySQL and MariaDB (CVE-2012-2122).
Check for Nginx restrictions bypass (CVE-2011-4963).
New checks when a phpinfo() page is discovered: all HTML in the page is parsed and alerts are issued for PHP configuration problems (display_errors on, register_globals, etc.).
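The phpinfo() check in the last item above, sketched as an added example (not Acunetix's code): it parses the directive table of a phpinfo() page and reports settings that are enabled. `allow_url_include` and `expose_php` are real PHP directives added here as assumptions, and the sample HTML is constructed.

```python
from html.parser import HTMLParser

# Directives that should be off in production. The first two are named on the
# page; the last two are real PHP directives added here as assumptions.
SHOULD_BE_OFF = ("display_errors", "register_globals",
                 "allow_url_include", "expose_php")
OFF_VALUES = {"off", "0", "", "no value"}

class PhpinfoRows(HTMLParser):
    """Collect (directive, local value, master value) rows from phpinfo() HTML."""
    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            if len(self._row) == 3:  # directive rows: name, local, master
                self.rows.append(tuple(self._row))
            self._row = None

def audit_phpinfo(html):
    """Return one alert per risky directive, judged on the local (effective) value."""
    parser = PhpinfoRows()
    parser.feed(html)
    return [f"{name} = {local} (master: {master})"
            for name, local, master in parser.rows
            if name in SHOULD_BE_OFF and local.lower() not in OFF_VALUES]

# Constructed sample in the three-column row layout phpinfo() emits.
SAMPLE = """<table>
<tr><th>Directive</th><th>Local Value</th><th>Master Value</th></tr>
<tr><td class="e">display_errors</td><td class="v">On</td><td class="v">Off</td></tr>
<tr><td class="e">register_globals</td><td class="v">Off</td><td class="v">Off</td></tr>
<tr><td class="e">allow_url_include</td><td class="v"><i>no value</i></td><td class="v"><i>no value</i></td></tr>
<tr><td class="e">expose_php</td><td class="v">On</td><td class="v">On</td></tr>
</table>"""

if __name__ == "__main__":
    print("\n".join(audit_phpinfo(SAMPLE)))
```

The local value is the one checked because a per-directory override can enable a setting that the master php.ini leaves off, as in the first sample row.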
New Features
Ability to export report in the Report Viewer.
Alerts you when HTML forms do not have CSRF protection.
Improvements
Rewrote the ASP_NET_Oracle_Padding security script.
Improved SVN/GIT repository security scripts.
Improved presentation for all the alerts generated by the crawler by showing more attack details.
Bug Fixes
Login sequence recorder is now using the configured user-agent.
Cookie path parameters are better supported.
The scheduler authentication checkbox is restored properly if you press “Cancel”.
Fixed the Trace/Track HTTP method test security script issue.
The input forms which are part of the login sequence are no longer filled with HTML