4-May-2016

New Features

• Ability to export the scanners' findings as ModSecurity web application firewall rules.
  
• Scan Time Window that allows you to specify when the scanner can scan your website or not.

NEW SECURITY CHECKS

• Detection of SQLite Database files.
• Detection of Microsoft Outlook Personal Folders File (.pst) files.
• Detection of DS_Store files.
• Detection of SVN files, supporting the latest version of SVN.

IMPROVEMENTS

• Improved LFI "Long attack - boot.ini" attack.
• Added Internet Explorer 10, 11 and Microsoft Edge browser user agent values.
• Improved the performance of the scan session auto saves.
• Improved link importing to better handle relative URLs.
• Improved the "MIME Types" knowledge base list by ordering items alphabetically.
• Added "Extract static resources" option to JavaScript scan policy settings.
• Improved coverage of XML External Entity engine.

FIXES

• Fixed an attacking issue that occurs when retesting a vulnerability in an incremental scan.
• Fixed a link parsing issue in the text parser where links were incorrectly split.
• Fixed a form authentication "Override Target URL with authenticated page" issue which caused a wrong URL to be identified as the "Target URL".
• Fixed a highlighting issue where the URL for "Insecure Frame (External)" vulnerability is partially highlighted.
• Fixed an incorrect "Source Code Disclosure" vulnerability report when the response contained an ASP.NET event validation code sample.
• Fixed a broken link in XSS vulnerability templates.