Why did Acunetix WVS display a message window stating that URL rewrite was detected during a scan?

URL rewrite (ex. mod_rewrite) is a common technology which is enabled on a web server to change the format of the URL being requested on the fly, for search engine crawling purposes. Common example: http://testasp.vulnweb.com/showthread.asp?id=1 can be rewritten automatically into: http://testasp.vulnweb.com/showthread.asp/id/1 ?id=1 is a parameter input, however with URL rewrite it can be rewritten to […]

Read More →

How can I define my own URL rewrite rules?

When used by a website, URL rewrite rules need to be defined in Acunetix WVS to instruct the Crawler on how to recognize rewritten URLs, otherwise some URLs will be misinterpreted as directories — which will result in an incorrect scan. In this FAQ we will detail one of the URL rewrite rules needed to […]

Read More →

Where are Acunetix files stored?

By default, Acunetix is installed in C:\Program Files (x86)\Acunetix {version}. However, this location can be changed at installation time. Furthermore, Acunetix stores all its data in C:\ProgramData\Acunetix {version}. This includes the Acunetix database as well as file uploads such as Login Sequences. If you are having trouble finding your Acunetix installation, you can run the […]

Read More →

FAQ: What additional features does Acunetix WVS include?

The following features complete the Acunetix WVS scanning arsenal: Innovative AcuSensor technology Web server configuration detection Web server security scan (Port Scanner) against services such as DNS, SSH etc Dictionary (brute force) attacker to test password strength of login pages or HTTP authentication Report Generator to create professional and regulatory compliance reports specifying detected vulnerabilities […]

Read More →

FAQ: How does Acunetix reduce false positives?

Acunetix is a heuristic scanner and not a signature based scanner, which by design is an efficient way of reducing false positives. With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability detection is no longer based on just the error messages returned from the server or web application, but also from […]

Read More →