Acunetix v24.8 Released: Overview of New Features

Posted by sysin on 2024-09-01

Acunetix v24.8 (Linux, Windows) - Web Application Security Testing

Acunetix | Web Application Security Scanner

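Visit the original link, https://sysin.org/blog/acunetix/, for the latest version. Original work; please retain the source attribution when reposting.

Author's homepage: sysin.org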


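Important Notice

Acunetix Premium now uses calendar-based version naming. Note that starting with version 23.6.230628115, Windows 8, Server 2012, and Server 2012 R2 are no longer supported. Update your Windows operating system to Windows 10 (or later) or Windows Server 2016 (or later) to use this version and upcoming releases.

The Acunetix vulnerability scanner: manage your web security.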

29 Aug 2024

Acunetix Premium - v24.8

New Features

  • You can now upload RAML API specs to extend the coverage of API scanning
  • Added support for Apache Tomcat 11 in the Java IAST sensor
  • RAML API specification can now be used as an API definition import file
  • Implemented support for scanning HTTP/2 websites

New Security Checks

  • Next.js image Blind SSRF
  • SolarWinds Web Help Desk RCE (CVE-2024-28986)
  • Apache HTTP Server Confusion Attacks (CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709)
  • Jelly Template Injection Vulnerability in ServiceNow UI Macros (CVE-2024-4879, CVE-2024-5217)
  • SuiteCRM SQL Injection (CVE-2024-36412)
  • Odoo XSS (CVE-2023-1434)
  • Mura/Masa CMS JSON API RCE
  • Lucee CF_CLIENT_ RCE
  • Lucee Stacktrace Information Disclosure
  • Lucee Unset Admin Password
  • Updated WordPress plugins vulnerabilities database
  • GeoServer RCE (CVE-2024-36401)

Improvements

  • Minor cosmetic UI/UX issues have been addressed across the app
  • The Scan Details screen for reviewing scan results has been modernized and upgraded with runtime SCA findings (Acunetix Online only, On-Premises coming soon)
  • The agent status now shows 'Unknown' instead of 'Error' when the agent hasn't shared its status for some time
  • Improved testing of path fragments
  • A new scan report for SCA is now available
  • API Discovery: Added the ability to start scans directly from the list of discovered and linked APIs
  • API Discovery: Added functionality to change the base URL of an already linked API
  • Updated scanner to handle security definitions within Swagger

Fixes

  • Updated scanner to use default Scan speed settings when scan speed settings are missing
  • Fixed false positive in the detection of Possible Virtual Host Found
  • Fixed false positive in the detection of CVE-2024-6387

Download

Acunetix Premium v24.8 - 29 August 2024

Visit: https://sysin.org/blog/acunetix/

Invicti:

  • Invicti v24.8.1 for Windows - Web Application Security Testing

More related products:

  • Magic Quadrant for Application Security Testing 2022
  • Magic Quadrant for Application Security Testing 2023
