Acunetix WVS can be configured to ignore certain file types which cannot be exploited by a hacker, and therefore cannot be considered as potentially vulnerable. By ignoring these files types a scan will take less time to complete, and will be more efficient in its test executions.
The File Extension Filters in the Acunetix WVS settings already contains a multitude of file types (such as .jpg, .mp3, .avi) which don’t need to be scanned during a web application security scan. To to add or remove some specific file types from a scan:
- From the Tools Explorer pane, navigate to Configuration > Settings > Tool Settings > Site Crawler > File Extension Filters node.
- Use the ‘+’ and ‘-‘ buttons to include or exclude specific file types from being scanned.
Include List: Process all files matching the wildcard specified
Exclude List: Ignore all files matching the wildcard specified