Why did Acunetix WVS display a message window stating that URL rewrite was detected during a scan?

URL rewrite (ex. mod_rewrite) is a common technology which is enabled on a web server to change the format of the URL being requested on the fly, for search engine crawling purposes. Common example: http://testasp.vulnweb.com/showthread.asp?id=1 can be rewritten automatically into: http://testasp.vulnweb.com/showthread.asp/id/1 ?id=1 is a parameter input, however with URL rewrite it can be rewritten to […]

Read More →

How can I define my own URL rewrite rules?

When used by a website, URL rewrite rules need to be defined in Acunetix WVS to instruct the Crawler on how to recognize rewritten URLs, otherwise some URLs will be misinterpreted as directories — which will result in an incorrect scan. In this FAQ we will detail one of the URL rewrite rules needed to […]

Read More →

How can I integrate Acunetix WVS with another third party application?

Acunetix WVS offer command-line support, which provides similar functionality and is an easy way to integrate Acunetix WVS with other third party applications. If you wish to run the Acunetix WVS console application then you can run ‘wvs_console.exe’ from the Acunetix WVS installation directory. In case you wish to generate a report using the command-line support […]

Read More →

FAQ: Where are Acunetix WVS files stored?

Acunetix Web Vulnerability Scanner 8 stores application settings, scan results and configuration information in different  files and directories. These are divided in three categories: Data directory, Application directory, and Scheduler Saves directory. You can browse to them from the main toolbar drop down menu WVS Help > Application Directories. Data is the first application directory, […]

Read More →

FAQ: What additional features does Acunetix WVS include?

The following features complete the Acunetix WVS scanning arsenal: Innovative AcuSensor technology Web server configuration detection Web server security scan (Port Scanner) against services such as DNS, SSH etc Dictionary (brute force) attacker to test password strength of login pages or HTTP authentication Report Generator to create professional and regulatory compliance reports specifying detected vulnerabilities […]

Read More →

FAQ: How does Acunetix reduce false positives?

Acunetix WVS is a heuristic scanner and not a signature based scanner, which by design is an efficient way of reducing false positives. With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability detection is no longer based on just the error messages returned from the server or web application, but also […]

Read More →