- Added ModSecurity WAF rule generation feature.
NEW SECURITY CHECKS
- Detection of SQLite Database files.
- Detection of Microsoft Outlook Personal Folders File (.pst) files.
- Detection of DS_Store files.
- Detection of SVN files, supporting the latest version of SVN.
- Improved LFI “Long attack – boot.ini” attack.
- Added Internet Explorer 10, 11 and Microsoft Edge browser user agent values.
- Improved the performance of the scan session auto saves.
- Improved link importing to better handle relative URLs.
- Improved the “MIME Types” knowledge base list by ordering items alphabetically.
- Improved coverage of XML External Entity engine.
- Fixed an attacking issue that occurs when retesting a vulnerability in an incremental scan.
- Fixed a link parsing issue in the text parser where links were incorrectly split.
- Fixed a form authentication “Override Target URL with authenticated page” issue which caused a wrong URL to be identified as the “Target URL”.
- Fixed a highlighting issue where the URL for “Insecure Frame (External)” vulnerability is partially highlighted.
- Fixed an incorrect “Source Code Disclosure” vulnerability report when the response contained an ASP.NET event validation code sample.
- Fixed an ObjectDisposedException which occured while trying to close the Authentication Verification dialog.
- Fixed a broken link in XSS vulnerability templates.