FAQ: How to exclude file types from being crawled

Acunetix WVS can be configured to ignore certain file types which cannot be exploited by a hacker, and therefore cannot be considered as potentially vulnerable. By ignoring these file types, a scan will take less time to complete and will be more efficient in its test executions. The File Extension Filters in the Acunetix WVS […]

How does Acunetix perform an automated scan and detect vulnerabilities?

As an automated black-box web application security scanner, Acunetix performs a series of tasks to identify web application vulnerabilities as outlined below. 1 – Target identification Acunetix checks if the Target in question is reachable and running a web server, and therefore serving requests over the HTTP protocol. Acunetix fingerprints the web server to identify […]

FAQ: Under what circumstances will a scan require human intervention?

Although the Login Sequence Recorder (LSR) does provide the ability to perform scans while being authenticated, there may be cases during authentication where manual intervention is required by the login form. For example, CAPTCHAs, one-time passwords and two-factor authentication cannot be performed automatically since they are either indistinguishable by the Login Sequence Recorder (LSR), are […]

How to choose a web vulnerability scanner

A must-read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process. Which is the best web vulnerability scanner out there? This question has been haunting […]

Creating custom vulnerability checks for Acunetix WVS

Vulnerability checks in Acunetix Web Vulnerability Scanner consist of two files: *.script – The actual vulnerability check written in JavaScript. Such scripts are stored in the <C:\ProgramData\Acunetix WVS x\Data\Scripts> directory. *.xml – This file contains all the documentation related to the vulnerability description, such as vulnerability details, remediation, severity level and other details. These XML […]

FAQ: Is it possible to crawl a site manually?

It is possible to manually crawl your website with Acunetix WVS using a web browser. Using the resultant — and manually crawled — links, it is then possible to build a website structure that will be targeted during the security scan.  This is useful for scanning specific web applications that cannot be automatically crawled due […]

Should I scan a website through a web application firewall?

Unfortunately, security scans are frequently launched against a website or web application sitting behind a web application firewall, or some other kind of web security gateway device. A website audit performed through a “man in the middle” device or software will only give a false sense of security. First and most importantly of […]
