Added several new backup file checks to improve coverage
Improved the number of combinations that Common Directory checks find
Added support for using digits in custom URL rewrite parameter names
Added new XSS attack patterns to detect a full URL vulnerability and remote XSS attacks
Added HTTP POST method support for Open Redirection security tests
Improved resource finder behavior by falling back to GET requests when HEAD requests are failing
Improved detection of XSS vulnerabilities in CSS blocks
Improved vulnerability template for Open Redirection vulnerabilities
Increased coverage by finding LFI vulnerabilities exposed to the file:// protocol
Set default maximum vulnerability report limit to 1000 for active engines
Improved detection of the Remote Code Execution and DoS in HTTP.sys vulnerability
FIXES
Fixed a race condition issue which occurs while adding new links on DOM simulation
Fixed an InvalidOperationException issue which occurs while trying to apply token parameter values
Fixed incorrect parsing of multiple response headers with the same name in DOM simulation and DOM XSS attacks
Fixed a vulnerability template generation issue where temporary files were being kept on disk
Fixed installer to handle .NET framework versions released after 4.5.2
Fixed the incorrect description text for the SQL Injection security test in the scan policy editor dialog
Fixed the “Maximum 404 Pages to Attack” scan policy option, which previously limited the maximum number of pages to 10 regardless of the value set for this option