Acunetix v13 Web Vulnerability Scanner What’s New

5-Feb-2020 Acunetix has announced the release of Acunetix Version 13. It is Web Vulnerability Scanner (WVS), for perform Dynamic Application Security Testing (DAST) to fulfil application security testing (AST). The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. This release further strengthens the leading position of Acunetix on the web security market.

What’s New Executive Summary:

• Full integration with a network scanner for comprehensive vulnerability management
• Malware scanning using Windows Defender or ClamAV
• The revolutionary SmartScan engine – find up to 80% vulnerabilities in the first 20% of the scan
• Incremental scans – you may scan only the parts of your web applications that changed
• Improved user experience thanks to a new user interface – better-looking, more intuitive, with more options
• Acunetix v13 introduces even more new and improved features, for example, proof of exploit, direct support for Angular, Vue, and React in DeepScan, more integration capabilities including GitLab, Bugzilla, and Mantis, and many more.

Unparalleled Performance

Scanning complex web applications using traditional web vulnerability scanners may take hours, having a serious impact on production site performance and internal processes. Acunetix addresses this problem by introducing even more innovations that improve scanning performance.

The SmartScan engine included with Acunetix v13 prioritizes unique pages to discover more vulnerabilities early on. In most cases, Acunetix SmartScan can find approximately 80 percent of vulnerabilities in the first 20 percent of the scan. The newest Acunetix engine also reduces the number of requests required to find vulnerabilities, which lessens the site load during the scan.

In addition to the SmartScan engine, the newest Acunetix release also introduces incremental scanning. You can choose to scan only the elements of your web application that have changed since the last full scan. On average, it shortens the process by 90 percent or more.

Comprehensive Security Coverage

With the release of Acunetix v13, network scanning functionality is now available on all platforms. Web vulnerabilities and network vulnerabilities are part of the same assessment and management processes.

In addition to the previously available malicious link discovery function, the newest Acunetix release also introduces web malware scanning. Acunetix discovers scripts on websites and web applications, downloads them, and scans them locally using Windows Defender on Windows or ClamAV on Linux.

Further Advances in Automation

Acunetix v13 introduces two new features that greatly improve automation, especially in the case of larger organizations. The vulnerability confidence level clearly indicates whether the vulnerability may need further manual confirmation. Critical vulnerabilities typically have a 100 percent confidence level, which means that they are fully verified. For most such vulnerabilities, Acunetix now also provides a proof-of-exploit, such as the content of a sensitive file downloaded from the server.

The newest release also enhances the import and integration capabilities of Acunetix. The scanner can now additionally import WADL, ASP.Net WebForms, and Postman files to seed the crawl. You can also export vulnerabilities to even more issue trackers: GitLab, Bugzilla, and Mantis.

Technology Improvements

With all the new advances comes an improved user interface, featuring better sorting and filtering as well as response highlighting and improved accessibility.

In addition to the above innovations and improvements, the Java AcuSensor technology now supports the Spring framework, while the DeepScan crawling engine can now directly recognize Angular 2, Vue, and React frameworks and adjust crawling to their requirements.

For more technical and what the latest build cover, please refer this dedicated document. >>

Product Edition

Same like version 12, version 13 have four editions. Standard, Premium, Acunetix 360 and Consultant Edition.

• Standard edition position to address small and medium businesses looking for the most advanced and efficient web vulnerability scanning engine.
• Premium edition position to address medium-sized and large organizations that seek to benefit from automation and integration in their security processes.
• Acunetix 360 edition position to address enterprise organizations that aim to make web security part of their complex processes including the SDLC.
• Consultant edition position to address security consultant and pentester that require standard edition feature but allow add/remove 5 target for the project requirements.

Technology Update and Briefing Session for End User and Business Partner

All the existing end user and business partner, feel free to register and attain one of the E-SPIN event dedicated for the what’s new session.

Feel free to contact E-SPIN for your project and solution requirement, end to end or point solution in depth, cover project hardware, software and services, from project management, application security testing (AST), complementary solution – from mobile application security testing (Mobile AST), static application security testing (SAST), software composition analysis (SCA), IDE secure code review, DevSecOps, penetration testing, vulnerability co-relation, verification and validation, server – mission critical systems to infrastructure/datacenter/cloud security testing in single package solution – industry certified training and product training, to maintenance support.

---

2020-Jun-4 A recorded session from one of the Acunetix v13 technology update sessions, for those who missed the webinar event, may play back from the video clip.