FAQ: Under what circumstances will a scan require human intervention?

Acunetix WVS includes different settings and tools which -- when configured correctly -- will enable the scanner to automatically crawl an entire web application, enabling the automated scanning engine to obtain a complete reach over the site structure. During a scheduled scan, using a combination of custom cookies, automatic completion of forms, and automated login sequences will contribute to a fully automated and successful web security scan.

Login pages which require a combination of CAPTCHA validation and single sign-on (SSO) must be marked for manual intervention, since their unique and random login requirements are impossible to be completed automatically. The following steps detail how to mark a page for manual intervention:

Launch the Login Sequence Recorder and enter the web application URL in the first step.
In the second step of the wizard ‘Record Login Sequence’, click on the 'Pause' button to pause the recording, and enter the URL of the page which requires human input in the URL input field.
Once the page is loaded, click on ‘’ (Manual Intervention) button. Proceed by clicking the ‘Next’ button till the end of the wizard.When a page is marked for manual intervention, when the crawler is crawling it, a browser window will pop up where you can enter the required details. Refer to the user's manual section ' Marking Pages for Manual Intervention (human input is required)' for more details about scanning web pages which require one time input.

Note: Only one page can be marked for manual intervention from the Login Sequence Recorder. If there are more than 1 page in a website which requires manual intervention, the first time the browser window pops up during a crawl, enter the URL of the other pages manually in the browser and proceed with the manual intervention for each page. By doing so, the crawler will automatically crawl those pages as well.

You can learn more about configuring Acunetix WVS for various login methods by reading this article.

Acunetix WVS also includes a list of advanced manual penetration testing tools to ease the process of manual penetration testing of a web application or website.

View all the Acunetix FAQs here.

Web Security Zone

Responding to DoS attacks at the web layer

WordPress Caching Plugins Remote PHP Code Execution

WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS

The Risks Associated with Third-Party Software Components

What Happens when you can’t Find Every Web Vulnerability?

Is Your Security Appliance Hackable?

Scanning a Template-based Website Using Acunetix WVS

Docs

Acunetix WVS Update 20130308 – New Security Tests

Unable to Download Error Whilst Trying to Update Acunetix WVS

Finding Broken Links Using Acunetix WVS

FAQs

Acunetix Web Vulnerability Scanner Command Line Operation

Configuring Automatic Session Detection in Acunetix WVS

How to Scan a Shopping Cart with an Automated Security Scanner

News

The US National Vulnerability Database was Hacked and Infected with Malware

Cyber-Espionage Now Considered a Direct Threat to American Economic Interests

Acunetix Support Availability During the Festive Season

Subscribe for Updates

Join us on facebook

Leave a Reply Cancel reply