Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing.
New Functionality in Acunetix Web Vulnerability Scanner v9
Added a test for Joomla! JomSocial component < 184.108.40.206 – Remote code execution
Added a test for a MediaWiki Remote Code Execution vulnerability affecting versions older than 1.22.2, 1.21.5 and 1.19.11
Added a test for Minify arbitrary file disclosure
Added a test for Ektron CMS admin account takeover
Added a test for Zabbix SQL injection vulnerability
Added a test for IBM Web Content Manager XPath Injection
Added a test for the YUI library uploader.swf cross-site scripting vulnerability. This library is included in many web applications, including vBulletin v4 and v5
Added a test for Horde Remote Code Execution
Added a test for Joomla! JCE Arbitrary File Upload
Added a test for Oracle Reports vulnerabilities. These vulnerabilities allow an attacker to gain a remote shell on the affected server
Added a test for XXE vulnerabilities in OpenID implementations, which is able to detect XXE vulnerabilities similar to the one found on Facebook recently
A knowledge base item is added each time a known web application is detected (e.g. a WordPress web application was detected in directory /blog/)
Scanning of WordPress sites has been made more efficient
Improved coverage of ASP.NET based websites
Improved XSS testing script
Fixed bug in the pagination of the Scheduler Web Interface
The Login Sequence Recorder was ignoring the maximum size HTTP option
Fixed an issue causing the crawler to create multiple entries of the same custom cookie.
Fixed a bug causing the HTTP sniffer to always listen on localhost
Fixed a bug in the console application preventing scanning from older saved crawl results.
Fixed a crash at start-up caused by the DeepScan agent not starting.