Which Vulnerabilities does Acunetix WVS Check for?

Acunetix WVS automatically checks for the following vulnerabilities among others:

  • Version Check
    • Vulnerable Web Servers
    • Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution”.
  • CGI Tester
    • Checks for Web Server Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
    • Verify Web Server Technologies
  • Parameter Manipulation
    • Cross-Site Scripting (XSS) – over 25 different XSS variations are tested.
    • SQL Injection
    • Code Execution
    • Directory Traversal
    • File Inclusion
    • Script Source Code Disclosure
    • CRLF Injection
    • Cross Frame Scripting (XFS)
    • PHP Code Injection
    • XPath Injection
    • Full Path Disclosure
    • LDAP Injection
    • Cookie Manipulation
  • MultiRequest Parameter Manipulation
    • Blind SQL/XPath Injection
  • File Checks
    • Checks for Backup Files or Directories – Looks for common files (such as logs, application traces, CVS web repositories)
    • Cross Site Scripting in URI
    • Checks for Script Errors
  • Directory Checks
    • Looks for Common Files (such as logs, traces, CVS)
    • Discover Sensitive Files/Directories
    • Discovers Directories with Weak Permissions
    • Cross Site Scripting in Path and PHPSESSID Session Fixation.
    • Web Applications
  • Text Search
    • Directory Listings
    • Source Code Disclosure
    • Check for Common Files
    • Check for Email Addresses
    • Microsoft Office Possible Sensitive Information
    • Local Path Disclosure
    • Error Messages
  • GHDB (Google Hacking Database)
    • Over 1200 GHDB Search Entries in the Database

Other vulnerability tests may also be performed using the manual tools provided, including:

  • Input Validation
  • Authentication attacks
  • Buffer overflows