Business Logic Security Testing with Acunetix v10

Business logic in web applications refers to the encoding of real-world business rules that determine how data should be created, displayed, stored, and changed in a workflow-style process.

Applications implementing business logic are not easy to test automatically because they are meant to be used and understood by humans, not automated software. For example, if we need to test a shopping cart with a specific process for checking out, we’ll need to supply the correct values to the application at different stages of the workflow.

While we can automate some of this behaviour by defining a list of input field values to set during the crawl and scan, this tends to be a slow, cumbersome and sometimes error-prone process.

Acunetix WVS 10 introduces support for Selenium IDE Test Cases. Selenium is a popular, free and open-source browser automation framework that is used heavily by quality assurance and development teams to automate web applications. The Selenium project provides two ways to use it — Selenium IDE and Selenium WebDriver.

Install and set up Selenium IDE


Selenium IDE is a Firefox add-on that allows you to record and play back interactions with the browser. The output of Selenium IDE is a Test Case in HTML format.

Selenium WebDriver, on the other hand, is a collection of language-specific bindings to drive a browser. Quality assurance engineers can create Selenium WebDriver scripts using language-specific client drivers for Java, C#, Ruby, Python or JavaScript (NodeJS).

Selenium WebDriver is great for robust tests if you’re comfortable writing scripts; however, if you need something quick and simple, then the weapon of choice should most likely be the Selenium IDE.

Acunetix WVS can leverage both Selenium IDE Test Cases as well as custom Selenium WebDriver scripts (regardless of the language-binding they are using).

Using a Selenium IDE Test case is as simple as downloading and installing the Firefox plugin, recording the test case and selecting the saved HTML test case in the Acunetix WVS Scan Wizard.
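A saved test case can be reviewed before it is selected in the Scan Wizard. The following is an added example, not code from the original post or from Acunetix: it parses the Selenium IDE HTML layout and flags steps that open a host other than the base URL or that store a typed password. The sample test case, the `review` helper and the "pass" locator heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample in the Selenium IDE HTML layout: base URL in
# <link rel="selenium.base">, then one <tr> per step (command, target, value).
SAMPLE = """<html><head><link rel="selenium.base" href="http://shop.example/" />
</head><body><table>
<thead><tr><td rowspan="1" colspan="3">checkout</td></tr></thead><tbody>
<tr><td>open</td><td>/cart</td><td></td></tr>
<tr><td>type</td><td>id=quantity</td><td>2</td></tr>
<tr><td>type</td><td>id=password</td><td>s3cret</td></tr>
<tr><td>open</td><td>http://pay.example/confirm</td><td></td></tr>
</tbody></table></body></html>"""

class IdeCaseParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base, self.steps = "", []
        self._row = self._cell = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("rel") == "selenium.base":
            self.base = a.get("href", "")
        elif tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = ""
    def handle_data(self, data):
        if self._cell is not None:
            self._cell += data
    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None:
            self._row.append(self._cell.strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            if len(self._row) == 3:  # skip the one-cell title row
                self.steps.append(tuple(self._row))
            self._row = None

def review(html):
    p = IdeCaseParser()
    p.feed(html)
    host, findings = urlparse(p.base).hostname, []
    for n, (cmd, target, value) in enumerate(p.steps, 1):
        if cmd == "open" and urlparse(urljoin(p.base, target)).hostname != host:
            findings.append((n, "out-of-scope host"))
        # Assumption: password fields are recognisable by "pass" in the locator
        if cmd == "type" and "pass" in target.lower() and value:
            findings.append((n, "credential stored in test case"))
    return p.steps, findings
```

Calling `review(SAMPLE)` returns the four recorded steps together with one finding for step 3 (stored credential) and one for step 4 (different host).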



Using Selenium WebDriver with Acunetix WVS can be achieved by using the command line during a crawl. We can dynamically pre-seed crawls in Acunetix WVS by running a command and proxying all HTTP/HTTPS traffic to an HTTP proxy that Acunetix WVS temporarily sets up.

The Python script below uses WebDriver to automate Firefox (other browsers can be used). In order to proxy traffic to Acunetix WVS, we’ll instruct WebDriver to set the browser’s proxy settings to localhost on the port that the user sets using the --port command line argument. This argument will then be used by Acunetix WVS to dynamically assign a port number.



#!/usr/bin/env python

# Import required modules to use throughout our script
import sys
import argparse
from selenium import webdriver
from selenium.webdriver.common.proxy import *

def main():
	# Set up the --port/-p argument to set the browser's proxy port
	parser = argparse.ArgumentParser()
	parser.add_argument("-p", "--port", help="set up the port you want to use")
	args = parser.parse_args()

	# If no port is specified, print out the help message and exit the program
	if not args.port:
		parser.print_help()
		sys.exit(1)

	# Create a new Firefox profile
	firefox_profile = webdriver.FirefoxProfile()

	# Setting up our new Firefox profile configuration
	# The values you see below come from Firefox's about:config file
	# network.proxy.type 1 refers to manual configuration of the profile's proxy settings
	firefox_profile.set_preference("network.proxy.type", 1)

	# Set the proxy host to 127.0.0.1 (localhost)
	firefox_profile.set_preference("network.proxy.http", "127.0.0.1")

	# Make sure that the new Firefox profile does not exclude 'localhost'
	firefox_profile.set_preference("network.proxy.no_proxies_on", "")

	# Set the proxy port to the user-specified port (e.g. ${proxy-port} for Acunetix WVS)
	firefox_profile.set_preference("network.proxy.http_port", int(args.port))

	# Update the new profile's preferences that were just configured.
	firefox_profile.update_preferences()

	# Start Firefox with the profile configured above.
	# (firefox_profile= is the Selenium 2/3 API; newer releases pass the profile through Options.)
	web_driver = webdriver.Firefox(firefox_profile=firefox_profile)

	# WebDriver Test Here
	# ---------------------------------------- #
	# ---------------------------------------- #

# Initialize our script
if __name__ == "__main__":
	main()

We can now run this test by entering the following in Acunetix WVS’ command line option:

python C:\test-cases\ --port ${proxy-port}


