Acunetix WVS v6.5 build 20091124 released

In: Acunetix , Application Scanner , Vulnerability Scanner

24 November 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing

An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and most important of all, a good number of new security checks.

New:

New security checks of AcuSensor Technology
curl_exec() url is controlled by user
PHP preg_replace used on user input
PHP super-globals-overwrite
PHP unseriazlie used on user input

Other new security checks of Acunetix WVS
osCommerce authentication bypass
Apache Tomcat insecure default administrative password
Apache Tomcat directory traversal
Checks for PHP invalid data type error messages
Check for possible remote SWF inclusion
Added further checks for possible sensitive files; general tests per server
Added further checks for possible sensitive directories; general tests per server
Added a new security check for SQL injection in the authentication header (basic authentication, base64 encoded)
Added AlertIfTextNotFound group parameter to invert search and issue an alert if a specified text is not found

Improvements:

Renamed Weak password module to Authentication module; now it also includes a good number of new authentication security checks
Improved Cross-site scripting in URI checks to include a number of Ruby on rails security checks
Improved Application errors security checks
Introduced 3 new setting parameters for the crawler in Settings.XML file:
262144
256
1000

Bug Fixes:

Fixed: false positives issued in weak password alert
Fixed: WSDL importer crash when importing recursive complex elements
Fixed: Crawler proxy request handling changed to decode the input name/value
Fixed Vulnerability Editor to show group parameters with default values if no VulnXML template is used
Changed HTTP_Anomalies to log PHP errors and save the results in a file instead of alerts
Hidden VulnXML properties for alerts that are not using VulnXML default template in Vulnerability Editor
Adjusted VulnXML to reduce the number of false positives for Blind SQL injection timing tests
Updated CSA engine; delete the BOM characters from script sources
Updated URL_Helper; UrlEncode/Decode modified not to use str := str + ch and to validate hex characters after %
Updated File_Inputs; possible values are limited in size now

Post scriptum

Download trial release

Compliance Mandates

Application Scanner :
PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner :
PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Acunetix	26 April 2010 : Acunetix WVS v6.5 build 20100419 released 7 April 2010 : Acunetix WVS v6.5 build 20100407 released 3 March 2010 : Acunetix WVS v6.5 build 20100303 released 10 February 2010 : Acunetix WVS v6.5 build 20100210 released 3 February 2010 : Acunetix WVS v6.5 build 20100203 released
Application Scanner	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : WhatWeb just updated to v0.4.2 29 April 2010 : WhatWeb v0.4.1 - released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released 25 April 2010 : Skipfish v1.33b released
Vulnerability Scanner	12 May 2010 : Complemento v0.7.6 - Collection of Tools 22 April 2010 : OpenSCAP v0.5.9 released 20 April 2010 : Sandcat v4.0 released 15 April 2010 : Nessus v4.2.2 released 9 April 2010 : SARA-7.9.2a the final version released

Acunetix WVS v6.5 build 20091124 released

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU