Introduction to Acunetix Web Vulnerability Scanner
1.3 The Acunetix Web Vulnerability Scanner
The Acunetix Web Vulnerability Scanner (WVS) broadens the scope of
vulnerability scanning by introducing highly advanced heuristic and rigorous
technologies designed to tackle the complexities of today's web-based
environments.
WVS is an automated web application security testing tool that audits your
web applications by checking for SQL Injection, Cross-Site Scripting and
other exploitable vulnerabilities. In general, the product scans any website
or web application that is accessible via a web browser and that respects
HTTP/HTTPS rules.
Besides automatically scanning for exploitable vulnerabilities, WVS offers a
strong and unique solution for analyzing off-the-shelf and custom web
applications including those relying on JavaScript (e.g., AJAX applications).
Acunetix WVS is suitable for small, medium-sized and large organizations
with intranets, extranets, and websites aimed at exchanging information
with, or delivering it to, customers, vendors, employees and other
stakeholders.
How WVS Works
Acunetix WVS has a vast array of automated features and manual tools and,
in general, works in the following manner: 
1. It crawls the entire website by following all the links on the site
and in the robots.txt file (if available). WVS will then map out the
website structure and display detailed information about every file.
2. After this discovery stage or crawling process, WVS automatically
launches a series of vulnerability attacks on each page found, in
essence emulating a hacker. WVS analyzes each page for places
where it can input data, and subsequently attempts all the different
input combinations. This is the Automated Scan Stage.
3. As it finds vulnerabilities, Acunetix WVS reports these in the “Alerts
Node”. Each alert contains information about the vulnerability and
recommendations on how to fix it. 
4. After a scan has been completed, it may be saved to file for later
analysis and for comparison to previous scans. With the reporter tool
a professional report may be created summarizing the scan. 
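The discovery stage described in steps 1 and 2 can be sketched as follows. This is an added illustration, not Acunetix code: it follows links and robots.txt entries on the scanned site, then lists the form fields where data can be input. The host name, pages and function names are constructed for the example, and pages are read from an in-memory dictionary instead of being fetched over HTTP.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
BASE = "http://site.example"
# Constructed sample site (path -> body) standing in for HTTP responses.
SITE = {
    "/robots.txt": "User-agent: *\nDisallow: /admin/\nDisallow: /old/\n",
    "/": '<a href="/search.html">Search</a> <a href="http://other.example/x">ext</a>',
    "/search.html": '<form action="/results" method="get"><input name="q"></form>',
    "/admin/": '<form action="login" method="post"><input name="user"><input name="pw"></form>',
}

class PageParser(HTMLParser):
    """Collects link targets and form input points from one page."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":  # (action, method, field names)
            self.forms.append((a.get("action") or "", (a.get("method") or "get").upper(), []))
        elif tag in ("input", "textarea", "select") and a.get("name") and self.forms:
            self.forms[-1][2].append(a["name"])

def robots_paths(text):
    """Paths named in the Allow/Disallow lines of a robots.txt body."""
    rules = (line.partition(":") for line in text.splitlines())
    return [v.strip() for k, _, v in rules
            if k.strip().lower() in ("allow", "disallow") and v.strip()]

def crawl(site=SITE, base=BASE):
    """Breadth-first crawl; returns (pages visited, input points found)."""
    queue = ["/"] + robots_paths(site.get("/robots.txt", ""))
    seen, inputs = [], []
    while queue:
        path = queue.pop(0)
        if path in seen or path not in site:  # already mapped, or no such page
            continue
        seen.append(path)
        parser = PageParser()
        parser.feed(site[path])
        for href in parser.links:
            url = urlparse(urljoin(base + path, href))
            if url.netloc == urlparse(base).netloc:  # stay on the audited site
                queue.append(url.path or "/")
        for action, method, names in parser.forms:
            inputs.append((path, method, urlparse(urljoin(base + path, action)).path, names))
    return seen, inputs
```

Each tuple returned in the second list is one input point: the page it was found on, the HTTP method, the resolved form target and the field names.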
1.4 Audited Vulnerabilities
Acunetix WVS automatically checks for the following vulnerabilities:
Version Check
  o Vulnerable Web Servers
  o Vulnerable Web Server Technologies – such as PHP 4.3.0 file
    disclosure and possible code execution.
CGI Tester
  o Checks for Web Servers Problems – Determines if dangerous
    HTTP methods are enabled on the web server (e.g. PUT, TRACE,
    DELETE)
  o Verify Web Server Technologies
Parameter Manipulation
  o Cross-Site Scripting (XSS)
  o SQL Injection
  o Code Execution