Acunetix v24.8 Released: Overview of New Features
Acunetix v24.8 (Linux, Windows) - Web Application Security Testing
Acunetix | Web Application Security Scanner
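For the latest version, visit the original link: https://sysin.org/blog/acunetix/. Original work; please retain the attribution when reposting.
Author's homepage: sysin.org
Important Notice
Acunetix Premium now uses calendar-based version naming. Note that starting with version 23.6.230628115, Windows 8, Server 2012 and Server 2012 R2 are no longer supported. Update your Windows operating system to Windows 10 (or later) or Windows Server 2016 (or later) to use this release and upcoming releases.
Acunetix vulnerability scanner: manage your web security.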
29 Aug 2024
Acunetix Premium - v24.8
New Features
- You can now upload RAML API specs to extend the coverage of API scanning
- Added support for Apache Tomcat 11 in Java IAST sensor
- RAML API specification can now be used as an API definition import file
- Implemented support for scanning HTTP/2 websites
New Security Checks
- Next.js image Blind SSRF
- SolarWinds Web Help Desk RCE (CVE-2024-28986)
- Apache HTTP Server Confusion Attacks (CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709)
- Jelly Template Injection Vulnerability in ServiceNow UI Macros (CVE-2024-4879, CVE-2024-5217)
- SuiteCRM SQL Injection (CVE-2024-36412)
- Odoo XSS (CVE-2023-1434)
- Mura/Masa CMS JSON API RCE
- Lucee CF_CLIENT_ RCE
- Lucee Stacktrace Information Disclosure
- Lucee Unset Admin Password
- Updated WordPress plugins vulnerabilities database
- GeoServer RCE (CVE-2024-36401)
Improvements
- Minor cosmetic UI/UX issues have been addressed across the app
- The Scan Details screen for reviewing scan results has been modernized and upgraded with runtime SCA findings (Acunetix Online only, On-Premises coming soon)
- The agent status now shows 'Unknown' instead of 'Error' when the agent hasn't shared its status for some time
- Improved testing of path fragments
- A new scan report for SCA is now available
- API Discovery: Added the ability to start scans directly from the list of discovered and linked APIs
- API Discovery: Added functionality to change the base URL of an already linked API
- Updated scanner to handle security definitions within Swagger
Fixes
- Updated scanner to use default Scan speed settings when scan speed settings are missing
- Fixed false positive in the detection of Possible Virtual Host Found
- Fixed false positive in the detection of CVE-2024-6387
Download
Acunetix Premium v24.8 - 29 August 2024
Visit: https://sysin.org/blog/acunetix/