Which Vulnerabilities does Acunetix WVS Check for?
Acunetix WVS automatically checks for the following vulnerabilities among others:
- Version Check
- Vulnerable Web Servers
- Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution”.
- CGI Tester
- Checks for Web Server Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
- Verify Web Server Technologies
- Parameter Manipulation
- MultiRequest Parameter Manipulation
- Blind SQL/XPath Injection
- File Checks
- File Uploads
- Directory Checks
- Looks for Common Files (such as logs, traces, CVS)
- Discover Sensitive Files/Directories
- Discovers Directories with Weak Permissions
- Cross Site Scripting in Path and PHPSESSID Session Fixation.
- Web Applications
- HTTP Verb Tampering
- Text Search
- Directory Listings
- Source Code Disclosure
- Check for Common Files
- Check for Email Addresses
- Microsoft Office Possible Sensitive Information
- Local Path Disclosure
- Error Messages
- Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)
- Weak Passwords
- GHDB Google Hacking Database
- Over 1200 GHDB Search Entries in the Database
- Port Scanner and Network Alerts
- Port scans the web server and obtains a list of open ports with banners
- Performs complex network level vulnerability checks on open ports such as:
- DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
- FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
- Security and configuration checks for badly configured proxy servers
- Checks for weak SNMP community strings and weak SSL ciphers
- and many other network level vulnerability checks!
- Other vulnerability tests may also be performed using the manual tools provided, including:
- Input Validation
- Authentication attacks
- Buffer overflows
- Blind SQL injection
- Sub domain scanning