Acunetix Web Vulnerability Scanner 8 (WVS 8) - Build 20120704

New cross-site scripting security checks in latest Acunetix WVS build


Acunetix are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build 20120704, includes a number of new security checks, improvements and bug fixes. The highlight of this new Acunetix Web Vulnerability Scanner 8 build is that it includes cross-site scripting security checks for HTML5 web applications, and also for responses of text/xml content-type.

New Security Checks:
  • Added a number of new HTML 5 Cross-site scripting security checks
  • content-type text /xml responses are now being checked for XSS vulnerabilities
  • Using Windows 8.3 short filenames techniques to check for information disclosure
  • Checks for Microsoft IIS Tilde directory enumaration problems
  • A number of new security checks for Webadmin
  • Checking for MySQL, RubyonRails and phpMyAdmin SQL dump files on web applications
  • File disclosure via XXE Injection tests for Zend Framework
  • Information disclosure checks in environment variables
Improvements:
  • Improved Directory Traversal security checks
  • Less false positives reported by the HTML Forms security checks
Bug Fixes:
  • Custom cookies paths are now set correctly to the start URL
  • Login Sequence Recorder now executes Javascripts even if there are js errors
  • New discovered input parameters variations are added to the list of input variations rather than ignored

How to Upgrade to Build 20120704

On starting Acunetix Web Vulnerability Scanner 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

Previous post regarding Acunetix -
http://santoshdudhade.blogspot.in/2012/06/acunetix-web-vulnerability-scanner-scan.html
http://santoshdudhade.blogspot.in/2012/06/acunetix-web-vulnerability-scanner-8.html