New build includes support for OpenSearch and detects vulnerabilities in Oracle BI, Jira, Apache Spark, and Python Code Injection

Acunetix version 12 (build 12.0.190827161) has been released. This new build introduces a number of updates, including support for OpenSearch, support for base64-encoded JSON inputs, and discovery and testing of hidden parameters. In addition, new vulnerability checks have been developed for Oracle Business Intelligence, Atlassian Jira, Atlassian Crowd, Apache Spark, ColdFusion, and Python Code Injection. The new build also includes a number of fixes, all of which are available for Acunetix on-premise for Windows and Linux and Acunetix Online.

Here is a full set of updates:

New Features

  • Implemented support for OpenSearch
  • Acunetix will try to discover hidden parameters and test them
  • Acunetix can now check base64-encoded JSON inputs for vulnerabilities

New Vulnerability Checks

Updates

  • Updated UI to accept IPv6 addresses
  • Multiple improvements to DeepScan
  • Improved the Directory Traversal check
  • Updated the scan limits, reducing repeated requests to larger sites
  • Acunetix will now extract and process gzipped files
  • Multiple updates to parsing and heuristic crawler features
  • Improved the vulnerability deduplication – similar vulnerabilities will be reported once
  • Improved reporting of the cause of scan failures (e.g. website is unresponsive, invalid import file, etc.)
  • Credentials provided to Auto-Login or LSR will not be used for vulnerability tests
  • Improved processing of Selenium scripts
  • Improved login form detection by Auto-Login feature
  • Improved WebLogic detection and testing for default WebLogic credentials
  • Improved detection of Vulnerable JavaScript libraries check

Fixes

  • Fixed a number of issues causing the scanner to stop unexpectedly
  • Fixed issue causing AcuMonitor checks to be done when AcuMonitor is not enabled
  • Fixed issue with WSDL parsing
  • Fixed: Reflected tests (e.g. reflected XSS) were not done on JSON inputs
  • Fixed issue causing 100% CPU usage when processing certain pages
  • Fixed hang in the Acunetix Administrative Password utility on Windows
  • Fixed: DeepScan was not processing XHTML pages
  • Fixed issue causing Chromium process to remain active after PDF report generation
  • Fixed issue caused by background requests when recording a login sequence
  • Fixed issue when recording a login sequence on a site that uses cross-domain iframes
  • Fixed issue when parsing WADL
  • Fixed issue causing Host Header Attack false negatives

Nicholas Sciberras, Chief Technical Officer
LinkedIn: https://www.linkedin.com/in/nicholas-sciberras/

As the CTO at Acunetix, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams and provided technical training.


*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/FvICyFxBu2U/