Which Vulnerabilities does Acunetix WVS Check for?

Acunetix WVS automatically checks for the following vulnerabilities among others:

• Version Check
  • Vulnerable Web Servers
  • Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.
• CGI Tester
  • Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
  • Verify Web Server Technologies
• Parameter Manipulation
  • Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
  • SQL Injection
  • Code Execution
  • Directory Traversal (Unix and Windows)
  • File Inclusion
  • Script Source Code Disclosure
  • CRLF Injection
  • Cross Frame Scripting (XFS)
  • PHP Code Injection
  • XPath Injection
  • Path Disclosure (Unix and Windows)
  • LDAP Injection
  • Cookie Manipulation
  • Arbitrary File creation (AcuSensor Technology)
  • Arbitrary File deletion (AcuSensor Technology)
  • Email Injection (AcuSensor Technology)
  • File Tampering (AcuSensor Technology)
  • URL redirection
  • Remote XSL inclusion
• MultiRequest Parameter Manipulation
  • Blind SQL/XPath Injection
• File Checks
  • Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
  • Cross Site Scripting in URI
  • Checks for Script Errors
• File Uploads
  • Unrestricted File uploads Checks
• Directory Checks
  • Looks for Common Files (such as logs, traces, CVS)
  • Discover Sensitive Files/Directories
  • Discovers Directories with Weak Permissions
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Web Applications
  • HTTP Verb Tampering
• Text Search
  • Directory Listings
  • Source Code Disclosure
  • Check for Common Files
  • Check for Email Addresses
  • Microsoft Office Possible Sensitive Information
  • Local Path Disclosure
  • Error Messages
  • Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)
• Weak Passwords
  • Weak HTTP Passwords
• GHDB Google Hacking Database
  • Over 1200 GHDB Search Entries in the Database
• Port Scanner and Network Alerts
  • Port scans the web server and obtains a list of open ports with banners
  • Performs complex network level vulnerability checks on open ports such as:
    • DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
    • FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
    • Security and configuration checks for badly configured proxy servers
    • Checks for weak SNMP community strings and weak SSL cyphers
    • and many other network level vulnerability checks!
• Other vulnerability tests may also be preformed using the manual tools provided, including:
  • Input Validation
  • Authentication attacks
  • Buffer overflows
  • Blind SQL injection
  • Sub domain scanning

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking    

Acunetix Web Application Security Blog

Latest Article

Exploiting a cross-site scripting vulnerability on Facebook

Read how by exploiting a XSS vulnerability, an attacker can hijack Facebook accounts!

• Continue Reading | More Articles

Latest Whitepaper

Why File Upload Forms are a major security threat

This white paper talks about common file upload forms validation types and also how malicious users can easily bypass them.  With the help of Acunetix WVS, a web developer can easily find these vulnerabilities in web applications without the need of advanced web security expertise.  He can also easily solve them thanks to the amount of extensive information Acunetix WVS reports.

• Continue Reading | More White Papers

Testimonials

“The issues detected were of major impact; if hackers would have found the security holes, they could have hacked an entire Joomla! Site.”

Robin Muilvijk
Quality & Testing Team, Joomla!

• More Testimonials