Acunetix is a heuristic scanner and not a signature based scanner, which by design is an efficient way of reducing false positives. With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability detection is no longer based on just the error messages…
FAQ: Why does Acunetix WVS detect pages that don’t exist on my website?
Some websites are designed to use custom 404 error pages instead of a web browser’s standard error page because they can be branded and made to contain links to other important pages. If your website uses custom 404 error pages which generate different error codes,…
FAQ: How to exclude file types from being crawled
Acunetix WVS can be configured to ignore certain file types which cannot be exploited by a hacker, and therefore cannot be considered as potentially vulnerable. By ignoring these files types a scan will take less time to complete, and will be more efficient in its…
FAQ: Can I manually import scan results into the Acunetix database file?
Should you need to generate a report for a security scan performed at an earlier stage, it is possible to load a saved scan result file and manually import it into the Acunetix WVS reporting database. To generate a report from saved scan results: Click…
FAQ: How does Acunetix WVS crawl password protected areas?
The Acunetix WVS Login Sequence Recorder can be used for many other tasks rather than just to scan password protected areas. If used appropriately it will help you in automating most of the crawling process. Therefore the Acunetix WVS Login Sequence Recorder can be used…
How does Acunetix perform an automated scan and detect vulnerabilities?
As an automated black-box web application security scanner, Acunetix performs a series of tasks to identify web application vulnerabilities as outlined below. 1 – Target identification Acunetix checks if the Target in question is reachable and running a web server, and therefore serving requests over…
How to prevent a scan from flooding with Acunetix test string emails
Apart from being an annoyance, if the problem of mass mailing has impacted your site then it could be a web application vulnerability in itself. A hacker or malicious user can perform the same steps to flood the mail system, for example by using automated…
FAQ: Under what circumstances will a scan require human intervention?
Although the Login Sequence Recorder (LSR) does provide the ability to perform scans while being authenticated, there may be cases during authentication where manual intervention is required by the login form. For example, CAPTCHAs, one-time passwords and two-factor authentication cannot be performed automatically since they…
How to choose a web vulnerability scanner
A must read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process. Which is the best…
