Note: This is no longer available. Click here to download a 14-day free trial of the latest version of Acunetix. 

The next stage in the evolution of Acunetix Web Vulnerability Scanner has arrived — WVS 8 BETA!

Many of you have been biting their nails in anticipation of this Beta, so sit tight and read on for the next most important stage in the evolution of Acunetix WVS.  Version 8 of Web Vulnerability Scanner has been optimized to make life easier at every stage of a security scan. WVS is easier to use for web admins and security analysts alike: enhanced automation, ability to save scan settings as a template to avoid reconfiguration, and multiple instance support for simultaneous scans of several websites. WVS 8 also ushers in a new exciting co-operation between Acunetix and Imperva: developers of the industry’s leading Web Application Firewall.

If you are interested in testing the new BETA of Version 8, and you already own an Acunetix WVS Enterprise or Consultant license with a valid maintenance agreement, contact us today at beta@acunetix.com.

New to WVS 8

Manipulation of inputs from URLs

Acunetix WVS can automatically detect URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.

Automatic IIS 7  rewrite rule interpretation

Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.

Support for custom HTTP headers

To function correctly, some web applications need incoming requests to contain specific HTTP headers. It is now possible to define custom HTTP headers to be used during automated scans.

Imperva Web Application Firewall integration

An exciting co-operation between Imperva and Acunetix: WVS 8 scan results can be automatically imported into an Imperva Web Application Firewall and interpreted as rules.

New vulnerability class: HTTP Parameter Pollution

At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.

Multiple instance support

Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites and opening up further support for multi-user scenarios on the same server/workstation.

Redesigned Scheduler

Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance and thereby allowing scans to complete in less time.

Automatic custom 404 error page recognition and detection

Acunetix WVS 8 can automatically determine if a custom error page is in use and recognizes it without requiring any custom 404 recognition patterns to be configured for a scan

Scan settings templates

WVS 8 now allow the settings for the scan of a specific application to be saved as individual templates, making it quick and easy to recall the exact settings for a website each time it is scanned. This is particularly useful when scanning multiple sites, allowing the user to load the template for each site instead of re-configuring all the settings manually.

Simplified Scan Wizard

In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it’s much easier and quicker to kick off a scan.

Smart memory management

The following settings have been added to ensure even the most complex scans will complete automatically, and successfully:

  • Define number of files per directory
  • Limit number of subdirectories per website
  • Assign Crawler memory limit

Real-time Crawler status

Crawler data is now updated in real-time information and provides live feedback how many files have been crawled, how many inputs have been detected, and more.

Scan termination status included in report

Reports now include the termination or completion status of each vulnerability scan. For example: the report will display if the scan was completed successfully or halted manually.

Web application coverage report

A new reporting option in report templates that lists all the web application files that has been tested, and also lists the specific vulnerability tests performed on each file.

Log file retention

It is now possible to define the retention span before log files are automatically flushed; to ensure logs are not deleted each time WVS is restarted.

Significant WVS 8 improvement

Improved web security check scripts

  • All security check scripts have been optimized to reduce false positives even further
  • The scanner checks for the latest variants of vulnerability classes like XSS, SQL injection, and more.

Become a Beta tester

Are you a security researcher who’s passionate about web security? Do you want to stay current with the latest cutting-edge web security scanning technologies? Contact us at beta@acunetix.com to learn more. (Requests are subject to approval)

Acunetix customers who already own an Enterprise or Consultant license with a valid maintenance agreement are automatically eligible to participate as beta testers.

The Acunetix WVS Version 8 user manual is available in PDF Format.

SHARE THIS POST
THE AUTHOR
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.