Acunetix Web Vulnerability Scanner (WVS) configuration settings can be accessed from Configuration > Application Settings in the Tools Explorer window pane.
In the Application Updates node you can configure when the application should check for both vulnerability and application updates. You can also configure the Proxy Server settings if your Internet connection must be accessed via a proxy server.
From the Logging node you can enable logging of different types of events, such as information, warning or error events. You can also enable logging of HTTP requests and responses, although this is only required to troubleshoot specific situations, and the log files created by this option can be quite large. You can also specify how many log files you wish to retain. Note that some log files may contain a lot of information (such as when scanning large sites).
Saved Scan Results
After running a scan, the scanned data needs to be stored in a database. This data is used to generate reports. By default, Acunetix WVS will save the scan results to a local Access database. For larger installations, this can be changed to an SQL database.
For scans that have been interrupted, you can also choose to save the scan results to the database.
HTTP authentication is handled by the web server, whereby the user is prompted with a password dialog. Here you can add the HTTP credentials to be used for sites that require them.
Note that this type of authentication is different to form-based authentication which is done by the web application.
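The two kinds of authentication can be told apart from the server's response: HTTP authentication answers with a 401 status and a WWW-Authenticate challenge, while form-based authentication serves an ordinary page containing a password field. The following is an added example, not part of the Acunetix documentation or product; the function name `classify_auth` and the sample responses are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample responses as (status, header list, body); not captured traffic.
SAMPLE_HTTP = (401, [("WWW-Authenticate", 'Basic realm="staging"')], "")
SAMPLE_FORM = (200, [("Content-Type", "text/html")],
               '<form method="post" action="/login">'
               '<input name="user"><input type="password" name="pass"></form>')


class _PasswordFieldFinder(HTMLParser):
    """Sets .found when the page contains an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True


def classify_auth(status, headers, body=""):
    """Return ("http", schemes), ("form", []) or ("none", [])."""
    # Header names are case-insensitive and a server may send several challenges.
    challenges = [v for k, v in headers if k.lower() == "www-authenticate"]
    if status == 401 and challenges:
        # Simplification: take the first token of each header value as the scheme.
        schemes = [c.split()[0] for c in challenges if c.split()]
        return ("http", schemes)
    finder = _PasswordFieldFinder()
    finder.feed(body)
    if finder.found:
        return ("form", [])
    return ("none", [])


if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("form", SAMPLE_FORM)):
        print(name, classify_auth(*sample))
```

A result of "http" indicates that credentials belong in the HTTP authentication settings described above, while "form" indicates a login handled by the web application itself.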
Some websites require client certificates to identify a client before access is granted. These certificates may be configured in Acunetix WVS by specifying the URL to be used during a crawl or a scan. To do this:
- Navigate to ‘Configuration > Application Settings > Client Certificates’.
- Specify a certificate location by browsing to the certificate with the Browse icon next to the Certificate file text box.
- Enter the certificate password in the Password text box.
- Enter the URL which needs a client certificate to be accessed.
- Click on Import and Apply to save the certificate information.
Login Sequence Manager
The Login Sequence Manager allows you to manage your recorded login sequences including the ones that have been defined prior to a scan. You can add, edit or remove Login Sequences from this node.
When a specific vulnerability is marked as a False Positive in the scan results, it will be listed in the False Positives node. Click the – button to remove a vulnerability from the list of False Positives.
Note: False positives are site-specific by URL and file. Therefore, if you mark an XSS vulnerability on http://www.testphp.vulnweb.com/artists.php as a false positive and scan another site, this vulnerability will show up again if it is discovered.
From the HTTP Sniffer node, you can specify the interface and the port that the HTTP Sniffer will listen on.
From the Scheduler node you can configure the settings for the Acunetix Web Vulnerability Scanner Scheduler service. For more information on the Acunetix WVS Scheduler please navigate to http://www.acunetix.com/support/docs/wvs/scheduling-scans/
In the Miscellaneous node you can configure the options specified below:
The Memory optimization options are advanced options and should generally be left unchanged. Acunetix support may instruct you to change these options in very specific situations.
Use temporary files to reduce memory usage: Enabling this option instructs Acunetix Web Vulnerability Scanner to store temporary data in the specified location instead of system memory. Acunetix WVS must have full access to this folder. This will greatly reduce overall memory usage.
Maximum memory during crawling: Shows the maximum amount of memory that is used by the Acunetix crawler. If during a crawl the crawler consumes the configured amount of memory, the crawl will stop and the scanning will proceed.
- Display custom HTTP status information – Display the full HTTP response status line header and the corresponding status string.
- Display HTTPS status icon – Enable this option to show a padlock icon next to files or directories that are accessed via HTTPS and not HTTP.
You can set a password to restrict access to the Acunetix WVS main interface and all the other Acunetix WVS applications, such as the Reporter.
To create a new password enter the password in the fields New Password and Confirm New Password.
To remove password protection, enter the current password in the Current Password field and leave the other two fields blank.
From the AcuSensor Deployment node you can generate the AcuSensor installation files. For more information on how to deploy the AcuSensor Agent on your web server, please navigate to http://www.acunetix.com/support/docs/installing-acusensor/.
In the AcuMonitor node you can enable the AcuMonitor service and configure the saved scans folder, which is used to store information about the tests done for vulnerabilities that require the AcuMonitor service. You can also set the amount of time that you would like Acunetix to keep such information. In addition, you can register for the AcuMonitor service and look up requests using the ID found in a notification email received from AcuMonitor to get more information on the vulnerability detected.