You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.
Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install soon to see what kind of information it can give me.
A full review isn’t really need as the installation, interface and features are mostly the same as version 6.
One of the great new features is the Login Sequence Recorder (LSR), which can record the exact sequence needed to login to a site and replay it.
Combine this with the Session Auto Recognition module, which will identify when a logged in session is invalided or expired and will re-login automatically and you have a great tool for scanning authentication based web applications.
There is also a lot more support for JSP/Tomcat based application, I haven’t had chance to test this as I don’t deal with many Java based web applications.
Also included are some back-end and interface changes like the display of port scan & network alerts separately from the web alerts, which does make it easier to see where the issues are.
Backend stuff like cookie handling and Blind SQL Injection methods have been improved, you can also import your settings from Version 6 if you are currently using that.
The pricing can be found here (in both Euros and USD).
If you want to know more about the features you can download the manual here:
Acunetix WVS 6.5 Manual [PDF]