Acunetix WVS 8 Released Candidate Now Available!
Acunetix WVS 8 Released Candidate Now Available!
January 25, 2012 – 10:47 pm | No Comment
Read the full story »
releases

Acunetix Web Vulnerability Scanner Product Releases

docs & FAQs

Acunetix technical documentation and FAQ

news

Acunetix Company and Web Security news, & Press Releases

events

Acunetix Webinars, Events and Training around the world

web security zone

Everything you need to know about Web Security

Home » docs & FAQs

VIDEO: Exploring the capabilities of Acunetix WVS Login Sequence Recorder; automating dynamic web applications crawling

Submitted by on September 25, 2009 – 5:12 pmOne Comment
The Acunetix WVS Login Sequence Recorder can be used for many other tasks rather than just to scan password protected areas.  If used appropriately it will help you in automating most of the crawling process.  Therefore the Acunetix WVS Login Sequence Recorder can be used to:
- Configure the crawler to crawl a pre-defined path of a website or web application
- Submit specific input (forms training) when accessing web pages and web forms which require specific input
- Specify which pages need manual intervention during an automated scan, because of the unique and random input they require each time they are accessed, such as forms which utilize CAPTCHA and Single sign on forms
In this video, one can see how the Acunetix WVS Login Sequence Recorder was used to help automate most of the crawling process, and crawl all of the web application.   The website included:
a) A set of three forms which unless the details are filled correctly, the user cannot proceed from one form to the other, and finally to the success page.  The Acunetix WVS Login Sequence Recorder was used to record this pre-defined crawling sequence, including submitting the required details automatically.
b) A password protected section.  The Acunetix WVS Login Sequence Recorder was used to simulate a login automatically, and was also configured to automatically detect when the logged in session is invalidated or times out, so if it happens, the crawler will re-login automatically to continue crawling and scanning the password protected section of the web application.
c) A CAPTCHA and Single Sign on Form.  Because of the unique and random input such pages require, they cannot be automatically scanned.  If it was possible to automatically submit details to such forms, then the scope of CAPTCHA and Single Sign On technology would be nullified.  Therefore the Acunetix WVS Login Sequence Recorder was used to configure the crawler and scanner to notify the user each time one of these pages are accessed, to allow the user to enter the required input.

The Acunetix WVS Login Sequence Recorder can be used for many other tasks rather than just to perform a web security audit of a website’s password protected area, and — if used correctly — it will help you automate most of the crawling process.  The Acunetix WVS Login Sequence Recorder can also be used to:

  • Configure the crawler to crawl a pre-defined path from a website or web application
  • Submit specific input (forms training) when accessing web pages and web forms which require specific input to function correctly
  • Specify which pages need manual intervention during an automated scan, because of the unique and random input they require each time they are accessed, such as forms which utilize CAPTCHA and Single sign on forms

In this video, one can see how the Acunetix WVS Login Sequence Recorder was used to help automate most of the crawling process, and successfully crawl all of the web application. The website scanned in this demonstration consisted of:

  • A set of three forms which unless the details are filled correctly, the user cannot proceed from one form to the other, and finally to the success page.  The Acunetix WVS Login Sequence Recorder was used to record this pre-defined crawling sequence, including submitting the required details automatically.
  • A password protected section.  The Acunetix WVS Login Sequence Recorder was used to simulate a login automatically, and was also configured to automatically detect when the logged in session is invalidated or times out, so if it happens, the crawler will re-login automatically to continue crawling and scanning the password protected section of the web application.
  • A CAPTCHA and Single Sign-on Form.  Because of the unique and random input such pages require, they cannot be automatically scanned.  If it was possible to automatically submit details to such forms, then the scope of CAPTCHA and Single Sign On technology would be nullified.  Therefore the Acunetix WVS Login Sequence Recorder was used to configure the crawler and scanner to notify the user each time one of these pages are accessed, and to allow the user to enter the required input.

Click here to watch the high quality version of this video

Be Sociable, Share!

One Comment »

Leave a comment!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.