Acunetix WVS includes settings and tools which, when configured correctly, enable the scanner to automatically crawl an entire web application, giving the automated scanning engine complete coverage of the site structure. During a scheduled scan, a combination of custom cookies, automatic completion of forms, and automated login sequences contributes to a fully automated and successful web security scan.
Login pages which require a combination of CAPTCHA validation and single sign-on (SSO) must be marked for manual intervention, since their unique and random login requirements cannot be completed automatically. The following steps detail how to mark a page for manual intervention:
- Launch the Login Sequence Recorder and enter the web application URL in the first step.
- In the second step of the wizard ‘Record Login Sequence’, click on the ‘Pause’ button to pause the recording, and enter the URL of the page which requires human input in the URL input field.
- Once the page is loaded, click the ‘Manual Intervention’ button. Proceed by clicking the ‘Next’ button until the end of the wizard.

When a page is marked for manual intervention, a browser window pops up when the crawler reaches it, where you can enter the required details. Refer to the user’s manual section ‘Marking Pages for Manual Intervention (human input is required)’ for more details about scanning web pages which require one-time input.
Note: Only one page can be marked for manual intervention from the Login Sequence Recorder. If more than one page in a website requires manual intervention, the first time the browser window pops up during a crawl, enter the URLs of the other pages manually in the browser and proceed with the manual intervention for each page. By doing so, the crawler will automatically crawl those pages as well.
You can learn more about configuring Acunetix WVS for various login methods by reading this article.
Acunetix WVS also includes a list of advanced manual penetration testing tools to ease the process of manual penetration testing of a web application or website.