Acunetix Version 24.2.240226074 - Linux Server - GNU/Linux


Information Acunetix V.24.2.240226074

Acunetix is more than just a web vulnerability scanner.
It is a complete web application security testing solution
that can be used either standalone or as part
of a complex environment. It offers built-in vulnerability assessment
and vulnerability management, as well as many options for integration
with market-leading software development tools.

By making Acunetix one of your security measures,
you can significantly improve your cybersecurity posture
and eliminate many security risks
at a low resource cost.

In addition to web application vulnerabilities such as SQL Injection
and Cross-site Scripting (XSS), Acunetix helps you
find other security threats. These include web server
configuration issues or misconfigurations, unprotected assets,
malware, and other security threats listed in the OWASP Top 10.
To protect your key assets, you can use the unique
AcuSensor IAST technology for PHP, Java, or .NET. This technology helps
you remediate by making it easier to pinpoint the cause
of a security hole. Acunetix integrates with the open-source tool OpenVAS.
This network security scanner helps you scan your IP address ranges
to find open ports and other security vulnerabilities specific
to network devices. You can handle your web
and network vulnerabilities together using a single dashboard.

NEW FEATURES :

- Added the ability to use Aria Roles to provide better coverage
- Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach
the end of its support or relevance by the end of March
- .NET IAST now supports .NET 8 (currently in Open Beta)

NEW SECURITY CHECKS :

- XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024)
- Magento 2.0-2.3 End of life
- ColdFusion Access Control bypass (CVE-2023-29298 / CVE-2023-38205)
- ColdFusion XSS (CVE-2023-44352)
- Skype for Business SSRF (CVE-2023-41763)
- VMware Aria Operations for Networks RCE (CVE-2023-20887)
- IBM Aspera Faspex RCE (CVE-2022-47986)
- GeoServer SSRF (CVE-2021-40822)
- WSO2 Management Console XSS (CVE-2022-29548)
- SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893)
- LISTSERV XSS (CVE-2022-39195)
- Unrestricted access to MLflow
- KeyCloak Information Disclosure (CVE-2020-27838)
- CloudPanel file-manager Auth bypass (CVE-2023-35885)
- TestRail Information Disclosure (CVE-2021-40875)
- Grafana Snapshot Authentication Bypass (CVE-2021-39226)
- Harbor Unauthorized Access Vulnerability
- Ghost CMS Theme Path Traversal (CVE-2023-32235)
- cPanel XSS (CVE-2023-29489)
- GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
- Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron
Core API Auth bypass (CVE-2023-35082)
- Unauthenticated OGNL injection in Confluence Server
and Data Center (CVE-2023-22527)
- Authentication Bypass in Ivanti Connect Secure
and Policy Secure (CVE-2023-46805)
- RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
- GeoServer WMS SSRF (CVE-2023-43795)
- Ivanti Sentry Authentication Bypass (CVE-2023-38035)
- SAP BusinessObjects Business Intelligence
Platform XXE (CVE-2022-28213)
- SysAid On-Premise RCE (CVE-2023-47246)
- Multiple ColdFusion WDDX Deserialization RCEs
(CVE-2023-44353 / CVE-2023-38203 / CVE-2023-38204)

IMPROVEMENTS :

- Updated Chromium to 121.0.6167.139/140
- Improved detection of DOM-based Cross Site Scripting (XSS)
- Improved the way that "Content Security Policy Misconfiguration"
alerts are reported
- Improved detection of Client Side Prototype Pollution (CSPP)
- IAST scans will start reporting the IAST sensor version used for the scan
- New column "Result" is shown in the list of scans to provide
more details about scan outcome
- Enhanced support for OTP apps by displaying
the activation code next to the QR code
- Improved crawling of Single Page Applications (SPA)
that are using Ionic Framework
- Added the ability to scan web applications which
require browsing in a single browser tab
- Upgraded user experience of in-app notifications
- Updated UX of notifications dropdown
- When accessing the application from a different location or browser,
all other sessions are promptly terminated. Previously, users were notified,
causing inconvenience when working from various locations

FIXES :

- Fixed a bug caused by the engine not respecting Cache-Control directive
- In rare situations, a report being generated could have resulted
in an Internal server error. This issue has now been fixed
- Fixed several minor user experience issues across the application

Download Acunetix V24.2 :
- Google Drive server [here]
- cloud server [here]

Installing Acunetix V24.2 on a Linux server :

Set the local host entries on your server, for example in /etc/hosts

127.0.0.1  erp.acunetix.com
127.0.0.1  erp.acunetix.com.
::1  erp.acunetix.com
::1  erp.acunetix.com.

192.178.49.174  telemetry.invicti.com
192.178.49.174  telemetry.invicti.com.
2607:f8b0:402a:80a::200e  telemetry.invicti.com
2607:f8b0:402a:80a::200e  telemetry.invicti.com.

Run the acunetix.sh installer, for example

$ sudo bash acunetix_24.2.240226074_x64.sh

Once the installation has finished,
stop the acunetix service first

$ systemctl stop acunetix.service

Then replace the wvsc file :

$ sudo cp wvsc /home/acunetix/.acunetix/v_240226074/scanner/wvsc
$ sudo chown acunetix:acunetix /home/acunetix/.acunetix/v_240226074/scanner/wvsc
$ sudo chmod +x /home/acunetix/.acunetix/v_240226074/scanner/wvsc

Copy the license files :

$ sudo rm /home/acunetix/.acunetix/data/license/*
$ sudo cp license_info.json /home/acunetix/.acunetix/data/license/
$ sudo cp wa_data.dat /home/acunetix/.acunetix/data/license/
$ sudo chown acunetix:acunetix /home/acunetix/.acunetix/data/license/license_info.json
$ sudo chown acunetix:acunetix /home/acunetix/.acunetix/data/license/wa_data.dat
$ sudo chmod 444 /home/acunetix/.acunetix/data/license/license_info.json
$ sudo chmod 444 /home/acunetix/.acunetix/data/license/wa_data.dat
$ sudo chattr +i /home/acunetix/.acunetix/data/license/license_info.json
$ sudo chattr +i /home/acunetix/.acunetix/data/license/wa_data.dat

Once everything is done, start the acunetix service again

$ systemctl restart acunetix.service

Log in to the web GUI on the usual port, 3443

$ https://10.10.10.666:3443



OK, that is all. Enjoy using Acunetix V24.2.