As an automated black-box web application security scanner, Acunetix performs a series of tasks to identify web application vulnerabilities as outlined below.
1 – Target identification
- Acunetix checks if the Target in question is reachable and running a web server, and therefore serving requests over the HTTP protocol.
- Acunetix fingerprints the web server to identify popular technologies that the web server might be using. This allows the scanner to identify the type of web server (e.g. Apache HTTP Server, Nginx, IIS…), the server-side language being used (e.g. PHP, ASP.NET, Java/J2EE, Python, NodeJS…) as well as the operating system the web server is running on. This information allows the scanner to automatically tune itself to the Target to be scanned – for example, certain vulnerabilities will only exist on Windows servers, or specific versions of PHP.
2 – Site crawling and structure mapping
- The index file is requested from the web server. This is determined by the start URL (e.g. http://www.example.com/ will load
- The Crawler, hand-in-hand with DeepScan will follow links, map input fields and parameters. This contributes to building a list of directories and files within the site.
Note — If AcuSensor technology is used a list of files will be accurately retrieved directly from the server via a back-end crawl.
3 – Security analysis performed against the site structure
- Acunetix launches a number of security tests against the target website
- As Acunetix discovers vulnerabilities, alerts are reported in real-time. Each alert produces detailed information about the vulnerability, recommendations on how to fix it, as well as several links through which the user can learn more about the reported vulnerability and how to fix it.
Note — If AcuSensor is enabled, debug information will also be reported, like the SQL query vulnerable to SQL injection and the line of vulnerable code responsible for the exploit.