


Introduction to Acunetix Web Vulnerability Scanner
Why You Need To Secure Your Web Applications
The need for automated web application security scanning
Web Attack Examples
The Acunetix Web Vulnerability Scanner
Audited Vulnerabilities
Supported Technologies
Main Features
Compliance Reporting
JavaScript / AJAX Support – Client Script Analyzer (CSA)
Web Services Support
Subdomain Scanner
Scheduler Application
Command Line
URL Rewrite Support
Detects Google Hacking Vulnerabilities
Extend Attacks with the HTTP Editor and Sniffer
In-Depth Testing with the HTTP Fuzzer
Login Sequence Recorder for Protected Areas
Automatic HTML Form-filler
Crawl Flash Files
Test Password Strength of Login Pages
Vulnerability Editor
Supports All Major Web Technologies
Scanning Profiles
Report Generator
Compare Scans and Find Differences
Easily Re-Audit Website Changes
Acunetix WVS Program Overview
Web Scanner
Site Crawler
HTTP Editor
HTTP Sniffer
HTTP Fuzzer
Authentication Tester
Vulnerability Editor
Reporter
License Scheme
Perpetual or Time Based Licenses
Small Business Version 1 Site/Server
Enterprise Version Unlimited Sites/Servers
Consultant Version
Purchasing Acunetix WVS
Installing Acunetix WVS
System Requirements
Installation Procedure
Upgrade Procedure
Configuring a Proxy Server
HTTP Proxy Settings
SOCKS Proxy Settings
Configuring Web Browser for HTTP Sniffer
Internet Explorer Configuration
Mozilla Firefox Configuration
Password Protect WVS
Limitations of the Evaluation Version
Upgrading From an Evaluation to a Purchased Version
Extending or Upgrading a Purchased Version
The User Interface
Introduction
The WVS Main Interface
Layout
Navigation
Toolbar
Tools Explorer
Main Area
Activity Window
Status Bar
Hiding Panels
Context Menus
The Settings Interface
Saving Changes
Error Handling
Getting Started: Scanning Your Website
Starting a Scan
Step 1: Select Target(s) to Scan
Step 2: Confirm Targets and Technologies Detected
Step 3: Specify Crawler Options
Step 4: Specify Scanning Profile Options and Mode
Step 5: Configure Login for Password Protected Areas
Step 6: Configuring Custom 404 Error Pages
Selecting the Files/Folders to Scan
Analyzing the Scan Results
Alerts Node
Site Structure Node
Saving the Scan Results
Generating a Report from the Scan Results
Google Hacking Vulnerabilities
Site Crawler Tool
Introduction
Analyzing a Website Structure
Starting the crawling process
Analyzing the information collected by the crawler
Info Tab
Referrers Tab
HTTP Headers Tab
Inputs Tab
View Source Tab
View Page Tab
HTML Analysis Tab
Simple URLs Sub-Tab
Comments Sub-Tab
Client Script Sub-Tab
Input Forms Sub-Tab
META Tags Sub-Tab
Target Finder Tool
Introduction
To Start A Scan
Subdomain Scanner Tool
Introduction
Starting a Subdomain Scan
HTTP Sniffer Tool
Introduction
Configuring the HTTP Sniffer
Enabling the HTTP Sniffer
Creating an HTTP Sniffer Trap Filter
Analyzing and Responding To the Trapped Requests
The Trap Form
Editing an HTTP Request without a Trap
Authentication Tester Tool
Introduction
Testing HTTP Authentication
What is HTTP Authentication?
Testing the Password Strength
Testing HTML Form Authentication
What is HTML Forms Authentication?
Testing Password Strength
HTTP Editor Tool
Introduction
Editing a Request
Fine-Tuning Requests and Analyzing Responses
Response Headers and Response Data tabs
Text Only Tab
View Page Tab
HTML Structure Analysis Tab
HTTP Fuzzer Tool
Introduction
Creating a Rule to Automatically Test a Series of Inputs
Gathering an HTTP Request
Creating Data Generators
Web Services Scanner
Introduction
Starting a Web Service Scan
Analyzing Results
Web Services Editor
Introduction
Using the Web Services Editor
Importing WSDL and Sending Request
Response Tab
Structured Data Tab
WSDL Structure Tab
WSDL Tab
HTTP Editor Export Feature
Compare Results Tool
Introduction
Comparing Results
Analyzing the Results Comparison
Modify/Delete Template Items
The Reporter
Introduction to the Reporter
Launching the Reporter
Report Styles and Templates
Developer Report
Executive Report
Vulnerability Report
Scan Comparison Report
Statistical Reports
Compliance Reports
Generating a Report
Single Scan Report Wizard
Comparison Wizard
Statistical Templates
Compliance Templates
The Report View
WVS Database
The Reporter Settings
Report Options
Page Settings
Command Line Support
Introduction
Locating the WVS Command Line Executable
Command Line Parameters and Options
Reporter Command Line
Command Line Examples
Example 1
Example 2
Scheduler
Introduction
The Scheduler Management Console
Scheduler Toolbar
Scheduler Log Toolbar
Creating a Schedule
Configuring Acunetix WVS
Introduction
Settings: Application Settings > General
Updates
HTTP General
HTTP Tuning
Password Protection
Settings: Application Settings > LAN Settings
Settings: Application Settings > Database
Settings: Application Settings > Certificates
Settings: Application Settings > Logging
Tool Settings > Site Crawler
Crawling Options
Tool Settings > Site Crawler > File Filters
File Filters
Tool Settings > Site Crawler > Directory Filters
Tool Settings > Site Crawler > URL Rewrite
Tool Settings > Site Crawler > Custom Cookies
Tool settings > HTTP Sniffer
Tool Settings > Scanner
Scanning Options
Scanner Settings > Login sequences
Scanner settings > HTML forms
Example: Testing a Signup Form
Scanner Settings > Parameter Exclusions
Scanner settings > Custom Error Pages
Scanner settings > GHDB
Scanning Profiles
Default Scanning Profiles
Creating/Modifying Scan Profiles
Database Conversion Utility
Introduction
Obtaining the Database Conversion Utility
Converting a Database
Vulnerability Editor
Introduction
Acunetix WVS audit modules
Version Check – TM_ Version_Check.dll
CGI Tester – TM_CGI_Tester.dll
Parameter Manipulation – TM_parameter_manipulation.dll
File Checks – TM_Backup_Files.dll
Directory Checks – TM_Common_Files.dll
Text Search – TM_ Text_Search.dll
Adding a Vulnerability Test
Editing the Vulnerability Description
Specifying When the Vulnerability Check is Applicable
Specifying Test Variables
Version Check
CGI Tester
Parameter Manipulation
File Checks
Directory Checks
Text Search
Variables Explained
Defining the Requests to be Made in the Test
Analyzing the Response
Define
Adding a Vulnerability Item
Example: Creating a Test Which Searches for a Particular File
Step 1: Creating a Vulnerability
Step 2: Adding a Vulnerability Item
Step 3: Configuring the Test Properties
Step 4: Save the Test and Re-Launch Acunetix WVS
WVS File Types
WVS Tools File Types
WVS Export File Types
Troubleshooting
Introduction
Request Support Via E-Mail
Support Center
Credits