Acunetix v10.5 build 20160504 has been released. This new build updates the PCI DSS and the NIST compliance reports with the requirements of PCI DSS 3.2 and NIST 800-53 rev4 respectively. The new build also fixes an important bug uncovered earlier this week.
Improvements:
- Updated the PCI DSS compliance report for PCI DSS 3.2
- Updated the NIST Special Publication 800-53 – Recommended Security Controls for Federal Information Systems compliance report to comply with revision 4 of the publication
- Bug Fixes – Fixed a bug that could result in remote code execution
Acunetix v10.5 build 20160504 includes an updated PCI report to reflect the changes implemented in PCI DSS 3.2. Update to the latest build of Acunetix to start checking your systems against the new PCI requirements now. This will ensure you have enough time to act on the recommendations before October 2016, when the PCI DSS 3.2 requirements come into full force.
Updating of SSL and TLS (Appendix A2)
In December of last year the PCI Council released an advisory about phasing out SSL and early TLS protocols in order to improve encryption security measures. This is particularly important in light of the serious vulnerabilities uncovered in the last couple of years, such as Heartbleed and POODLE. While this was given a far-off deadline of June 2018, it has been included as an appendix to version 3.2 of the requirements and is linked to several of them, namely:
- Requirement 2.2.3: Implement additional security features for any required services, protocols, or daemons that are considered to be insecure.
- Requirement 2.3: Encrypt all non-console administrative access using strong cryptography.
- Requirement 4.1: Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.
The PCI Council has urged that these protocols should not be used in any new builds and must be phased out as soon as possible.
This video is the Acunetix v10 Technical Overview by E-SPIN, which will give you more information about this product.
For those who cannot join us for the session, please see the summary and highlight clip for the event.
E-SPIN recently ran an Acunetix v10 "what's new" session covering what is new for new and existing users.
If you have any inquiries or questions, feel free to contact E-SPIN about solution, product and project requirements.