Where are Acunetix files stored?

By default, Acunetix is installed in C:\Program Files (x86)\Acunetix {version}. However, this location can be changed at installation time. Furthermore, Acunetix stores all its data in C:\ProgramData\Acunetix {version}. This includes the Acunetix database as well as file uploads such as Login Sequences. If you are having trouble finding your Acunetix installation, you can run the […]

Read More →

FAQ: What additional features does Acunetix WVS include?

The following features complete the Acunetix WVS scanning arsenal: Innovative AcuSensor technology Web server configuration detection Web server security scan (Port Scanner) against services such as DNS, SSH etc Dictionary (brute force) attacker to test password strength of login pages or HTTP authentication Report Generator to create professional and regulatory compliance reports specifying detected vulnerabilities […]

Read More →

FAQ: How does Acunetix reduce false positives?

Acunetix is a heuristic scanner and not a signature based scanner, which by design is an efficient way of reducing false positives. With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability detection is no longer based on just the error messages returned from the server or web application, but also from […]

Read More →

FAQ: How to exclude file types from being crawled

Acunetix WVS can be configured to ignore certain file types which cannot be exploited by a hacker, and therefore cannot be considered as potentially vulnerable. By ignoring these files types a scan will take less time to complete, and will be more efficient in its test executions. The File Extension Filters in the Acunetix WVS […]

Read More →

How does Acunetix perform an automated scan and detect vulnerabilities?

As an automated black-box web application security scanner, Acunetix performs a series of tasks to identify web application vulnerabilities as outlined below. 1 – Target identification Acunetix checks if the Target in question is reachable and running a web server, and therefore serving requests over the HTTP protocol. Acunetix fingerprints the web server to identify […]

Read More →

FAQ: Under what circumstances will a scan require human intervention?

Although the Login Sequence Recorder (LSR) does provide the ability to perform scans while being authenticated, there may be cases during authentication where manual intervention is required by the login form. For example, CAPTCHAs, one-time passwords and two-factor authentication cannot be performed automatically since they are either indistinguishable by the Login Sequence Recorder (LSR), are […]

Read More →