Acunetix version 12 is now released!
New update includes a new scanning algorithm, support for Spring Framework and new vulnerability checks for Ruby on Rails, Jira, Apache Tapestry, Golang, vBulletin, and others
Acunetix version 12 (build 12.0.191121158) has been released.
This new build introduces a new scanning algorithm that removes redundant scanning tasks. In addition, the scanning tasks are prioritized in a way that gives dissimilar locations higher scanning priority, improving the time to detect dissimilar vulnerabilities. The latest Acunetix update adds a good number of important vulnerability checks and includes various updates and fixes, which are available for all editions of Acunetix.
Here is the full set of updates:
New Features
- New scanning algorithm resulting in faster scans
- The scanner will give higher priority to locations that are dissimilar to ones that have already been scanned
- Java AcuSensor now supports the Java Spring Framework
New Vulnerability Checks
- New check for Ruby on Rails code injection
- New check for Perl code injection
- AcuMonitor can now detect OOB PHP evaluation of user input
- New check for prototype pollution
- New check for blind XSS via CSP report-uri
- New check for Jira Unauthorized SSRF via REST API
- New check for Apache Tapestry weak secret key
- New check for Oracle PeopleSoft SSO weak secret key
- New check for Yii2 weak secret key
- New check for Web2py weak secret key
- New check for Golang runtime profiling data
- New check for Adminer 4.6.2 file disclosure vulnerability
- New check for Apache mod_rewrite open redirect (CVE-2019-10098)
- New check for Flask weak secret key
- New check for Express express-session weak secret key
- New check for vBulletin 5.x 0day pre-auth RCE
- New check for argument injection
- New checks for WordPress core, WordPress plugins, and Joomla
Updates
- Deepscan is now caching static assets; this will result in faster scans
- Improved memory consumption by the scanner
- Improved processing of forms and form handling
- Improved detection of paths
- The scanner will now process commented-out HTML
- Updated command injection payloads
Fixes
- Fixed scanner crash
- Fixed WAF detection false positive
- Fixed: Check for sensitive files was accessing restricted links
- Fixed issue causing the scanner to multi-line session validation pattern
- Fixed: Some locations were incorrectly detected by DeepScan
- Fixed issue causing integrated LSR to close due to ad blocking
- Fixed issue with HAR import files
- Fixed issue in the detection of weak authentication credentials
- Fixed issue affecting the detection of DOM XSS vulnerabilities
- Fixed issue in the detection of a possible username and password disclosure
- Fixed issue with recording restricted links in Internet Explorer
- Fixed: Tech admin can now configure the engine to be used for a target
- Fixed issue affecting scanning of domains with international characters
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
For more information about Acunetix, visit our page: Acunetix