9
Introduction to Acunetix Web Vulnerability Scanner
Introduction to Acunetix Web Vulnerability Scanner
9
1.5
Supported Technologies
Acunetix WVS is designed to use a web application as an exploitable front-
end through which it can make contact with a database
or web-server. This
approach ensures that WVS does not rely on specific compatible web-
servers for a scan to be executed.
For scanning web applications, Acunetix WVS is designed around the
following concept; if an application can be viewed in any browser without
installing special plug-ins, over the HTTP and HTTPS protocols, then it will
also be correctly crawled and scanned. Tests carried out internally, and on
public web applications, have confirmed that
Acunetix WVS can efficiently
crawl and scan the following technologies: ASP, ASP.NET, JavaScript,
AJAX, PHP, FrontPage, PERL, JRun, Ruby, Flash, ColdFusion. Tested web
applications were also hosted on a number of different web servers such as
IIS, APACHE, Sun Java, and Lotus Domino.
1.6
Main Features
Compliance Reporting
The reporter allows you to generate detailed compliance reports for OWASP,
PCI, Sarbanes-Oxley, Web Application Security Consortium and HIPPA.
JavaScript / AJAX Support – Client Script Analyzer (CSA)
During the discovery stage, Acunetix WVS crawls for JavaScript and AJAX
using the new Client Script Analyzer (CSA). This allows the crawler to build a
comprehensive site structure
upon which the automated scan will be
launched.
The CSA
has been designed to be part of the crawling process to allow
automated rather than manual crawls
of websites
that rely on JavaScript
/
AJAX. Rather than parsing the client code on the page, the CSA actually
executes the JavaScript in real time and in similar fashion to the browser.
This is does since it builds the Document Object Model (DOM) of each page
on the website.
These design features significantly reduce the time needed to scan websites
containing JavaScript code while simplifying the whole scanning process for
such sites.
Web Services Support
For complete web security analysis, Acunetix WVS features full support for
Web Services vulnerability scanning and assessment. Web Services are now
becoming a commonplace implementation for information availability and
task processing over the internet, and the need to secure these systems from
being exploited also brings about the need for the right tools to perform this
task. The Web Services Scanner
and Web Services Editor
allow
for full
vulnerability scanning and WSDL analysis, with full reporting functionality.
Subdomain Scanner
The Subdomain
scanner allows fast and easy identification of active
Subdomains using various techniques and guessing of common subdomain
names. The Subdomain Scanner can be configured to use the target’s DNS
server, or one specified by the user for added flexibility.
 |
 |
 |