Many of you have been biting their nails in anticipation of this Beta, so sit tight and read on for the next most important stage in the evolution of Acunetix WVS. Version 8 of Web Vulnerability Scanner has been optimized to make life easier at every stage of a security scan. WVS is easier to use for web admins and security analysts alike: enhanced automation, ability to save scan settings as a template to avoid reconfiguration, and multiple instance support for simultaneous scans of several websites. WVS 8 also ushers in a new exciting co-operation between Acunetix and Imperva: developers of the industry's leading Web Application Firewall.
If you are interested in testing the new BETA of Version 8, and you already own an Acunetix WVS Enterprise or Consultant license with a valid maintenance agreement, contact us today at firstname.lastname@example.org.
The FREE version of Acunetix WVS 8 BETA can be downloaded from here
New to WVS 8
Manipulation of inputs from URLs
Acunetix WVS can automatically detect URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Automatic IIS 7 rewrite rule interpretation
Using the web application's web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Support for custom HTTP headers
To function correctly, some web applications need incoming requests to contain specific HTTP headers. It is now possible to define custom HTTP headers to be used during automated scans.
Imperva Web Application Firewall integration
An exciting co-operation between Imperva and Acunetix: WVS 8 scan results can be automatically imported into an Imperva Web Application Firewall and interpreted as rules.
New vulnerability class: HTTP Parameter Pollution
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Multiple instance support
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites and opening up further support for multi-user scenarios on the same server/workstation.
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance and thereby allowing scans to complete in less time.
Automatic custom 404 error page recognition and detection
Acunetix WVS 8 can automatically determine if a custom error page is in use and recognizes it without requiring any custom 404 recognition patterns to be configured for a scan
Scan settings templates
WVS 8 now allow the settings for the scan of a specific application to be saved as individual templates, making it quick and easy to recall the exact settings for a website each time it is scanned. This is particularly useful when scanning multiple sites, allowing the user to load the template for each site instead of re-configuring all the settings manually.
Simplified Scan Wizard
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it's much easier and quicker to kick off a scan.
Smart memory management
The following settings have been added to ensure even the most complex scans will complete automatically, and successfully:
- Define number of files per directory
- Limit number of subdirectories per website
- Assign Crawler memory limit
Real-time Crawler status
Crawler data is now updated in real-time information and provides live feedback how many files have been crawled, how many inputs have been detected, and more.
Scan termination status included in report
Reports now include the termination or completion status of each vulnerability scan. For example: the report will display if the scan was completed successfully or halted manually.
Web application coverage report
A new reporting option in report templates that lists all the web application files that has been tested, and also lists the specific vulnerability tests performed on each file.
Log file retention
It is now possible to define the retention span before log files are automatically flushed; to ensure logs are not deleted each time WVS is restarted.
Significant WVS 8 improvement
Improved web security check scripts
- All security check scripts have been optimized to reduce false positives even further
- The scanner checks for the latest variants of vulnerability classes like XSS, SQL injection, and more.
Become a Beta tester
Are you a security researcher who's passionate about web security? Do you want to stay current with the latest cutting-edge web security scanning technologies? Contact us at email@example.com to learn more. (Requests are subject to approval)
Acunetix customers who already own an Enterprise or Consultant license with a valid maintenance agreement are automatically eligible to participate as beta testers.