Welcome to the Acunetix Web Vulnerability Scanner 10 Quick Start Guide. In this guide, we will show you how to scan your website, analyse the scan results and create a report.
Automated Scanning of login protected pages, extended support for Java Frameworks and Ruby on Rails, and the detection of vulnerabilities in WP core and WP plugins.
The Acunetix Login Sequence Recorder can be used to test password-protected areas of your website automatically. If you are using Acunetix Web Vulnerability Scanner, you can create a new Login Sequence upon launching a scan from the Scan Wizard. If you are using Acunetix Online Vulnerability Scanner, you can download and install the Login Sequence […]
Windows 10 due to support SSH
As you should now have heard, or as you might notice from the new little Windows icon on your taskbar, Windows 10 is due to be released at the end of July. The most interesting bit of news from a security point of view is that Microsoft are introducing […]
The new version of Acunetix Web Vulnerability Scanner comes with improved support for scanning REST APIs. When Acunetix WVS finds a REST API definition (via a WADL file or from Acunetix DeepScan) it also scans this API resource for XML external entity injection vulnerabilities. If it receives a REST API resource from Acunetix DeepScan and […]
In this blog post I’m going to describe 3 different ways to scan REST APIs using the new version 10 of Acunetix Web Vulnerability Scanner.
1. REST API automatically discovered via Acunetix DeepScan
Let’s start with a simple web application that is using REST. It only has one page and the contents of this page […]
Aside from better scanning of Java/J2EE web applications, Acunetix WVS version 10 comes with improved support for web applications built using the popular framework Ruby on Rails. A lot of new Rails specific tests were added in the new version. For example, many Rails developers use Rails scaffolding. Rails scaffolding is a quick way to […]
With the release of Acunetix WVS version 10, we’ve introduced a lot of improvements on how we test Java web applications. Java web applications are notoriously hard to scan automatically for many reasons, the most important one being session management. This type of application will frequently invalidate user sessions, making the process of crawling and […]
As a pen-tester, there are going to be situations where you will be asked to provide evidence of the seriousness of a vulnerability that has been identified. There is ample documentation on how to do this for the more common vulnerabilities such as Cross Site Scripting (XSS) or SQL Injection. But what if you need to […]
In Australia, the government provides formal guidance regarding cyber security in the form of the ‘Strategies to Mitigate Targeted Cyber Intrusions’ document, issued by the Department of Defence. This ties with the statutory information security compliance which anyone handling Australian Government data is subject to. They also rank these in order of importance from ‘essential’ […]