8
Introduction to Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner
o
Directory Traversal
o
File Inclusion
o
Script Source Code Disclosure
o
CRLF Injection / HTTP Response Splitting
o
Cross Frame Scripting (XFS)
o
PHP Code Injection
o
XPath Injection
o
Full Path Disclosure
o
LDAP Injection
o
Cookie Manipulation
o
URL Redirection
o
Application Error Message
MultiRequest Parameter Manipulation
o
Blind SQL / XPath Injection
File Checks
o
Checks for Backup
Files or Directories -
Looks for common files
(such as logs, application traces, CVS web repositories)
o
Cross Site Scripting in URI
o
Checks for Script Errors
Directory Checks
o
Looks for Common Files (such as logs, traces, CVS)
o
Discover Sensitive Files/Directories
o
Discovers Directories with Weak Permissions
o
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
–
Large database
of known vulnerabilities for specific
web applications such as Forums, Web Portals, Collaboration Platforms,
CMS Systems, E-Commerce Applications and PHP Libraries.
Text Search
o
Directory Listings
o
Source Code Disclosure
o
Check for Common Files
o
Check for Email Addresses
o
Microsoft Office Possible Sensitive Information
o
Local Path Disclosure
o
Error Messages
GHDB Google Hacking Database
o
Over 1400 GHDB Search Entries in the Database
Web Services – Parameter Manipulation
o
SQL Injection / Blind SQL Injection
o
Directory Traversal
o
Code Execution
o
XPath Injection
o
Application Error Messages
Other vulnerability tests may
also be performed
using the manual tools
provided, including:
Input Validation
Authentication attacks
Buffer overflows
 |
 |
 |