Eaisly Extend Automated Testing With In-built Manual Penetration Testing Tools & Other Advanced Features
Take Automated Scanning Further
- Use the integrated HTTP Editor to export HTTP requests from an automated crawl or scan, modify or craft HTTP requests and analyze the web server’s response.
- Intercept, log and modify HTTP traffic sent to and from a web application on the fly using Traps with support for regular expressions using the integrated HTTP Sniffer. Extend manual HTTP traffic inspection by using captured traffic to build a custom crawl structure that can be used as part of an automated scan.
- Fuzz HTTP requests to test validation and handling of invalid or random data using a variety of built-in fuzzers. Filter fuzzed HTTP requests with HTTP Fuzzer filters with support for regular expressions.
- Export Blind SQL Injection vulnerabilities from automated scans, and perform automated database data extractions using the Blind SQL Injector.
- Import manual crawl data from the built-in HTTP Editor, third-party tools such as Telerik Fiddler, Portswigger BurpSuite, and HAR (HTTP Archive) files.
More Advanced Features
- Flexibly scan websites and web applications with different Scan Settings and Login Sequences depending on engagement.
- Easily customize a scan’s scope by leveraging Scanning Profiles and Directory and File Filters (support for wildcard and regular expression-based filters) to customize tests and pen-test scope.
- Easily schedule scans to run at a given time, or set-up recurring scans based on a customized schedule, set-up custom Excluded Hours templates to pause scans during specific hours.
- Dynamically pre-seed automated crawls using external, third-party tools and custom-built scripts.
- Crawl and scan complex Business Logic-driven applications through consumption of Selenium IDE test cases
Auto-configuration of Web Application Firewall
Acunetix WVS can automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting vulnerabilities that the scanner finds. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them. Currently Acunetix WVS supports the popular Imperva Web Application Firewall and FortiWeb WAF.
Integration and Extensibility Features
Users can also leverage the Command Line Interface and XML output to integrate with 3rd party Vulnerability Management and Defect Tracking Systems. Furthermore, Acunetix also has a well documented SDK for advanced users to create their own custom vulnerability tests.