Using the default Admin WordPress Account, hackers can easily launch a brute force attack against it. In order to help deter this type of attack, you should change your default WordPress administrator username to something more difficult to guess. Fix: Do not make the following…
Why You Need Intruder Lockout
It’s a very predictable web security flaw — in fact, it’s something I find in the majority of my web security assessments: the lack of intruder lockout on login pages. I know, with all the SQL injection and cross-site scripting present on the web, the…
FAQ: Acunetix WVS Scan Settings templates
Scan Settings templates give you the ability to configure the scanner and save such configuration settings as a template for future use, instead of having to reconfigure the global scanner settings for different targets. Using Scan Settings Templates, you can quickly recall scanning options, headers…
FAQ: Which Web Security Alerts are Detected by the Acunetix Crawler?
Acunetix displays vulnerability alerts and threats in real-time throughout the scan. Before scanning a website or web application, Acunetix first crawls the website to find all available inputs and links that can be manipulated later during the scanning stage. However, some of these web security…
FAQ: Is it possible to have different scan settings templates?
In version 8 of WVS, it is possible to save the settings used to scan a website as a template. It is possible to have as many scan settings templates as you like, and they can all be recalled on the fly when performing repetitive…
FAQ: How can I scan multiple websites with Acunetix WVS?
Acunetix Web Vulnerability Scanner provides the functionality to scan multiple websites at the same time through the web-based Acunetix WVS Scheduler. The Acunetix Scheduler will run a new WVS instance for each website scheduled to be scanned. The number of instances that the Acunetix WVS…
Why does Acunetix WVS detect site pages that don’t exist?
Some websites are designed to use custom 404 error pages instead of a web browser’s standard error page because they can be branded and made to contain useful links to other important pages. If your website uses custom 404 error pages — which generate different…
Why did Acunetix WVS display a message window stating that URL rewrite was detected during a scan?
URL rewrite (ex. mod_rewrite) is a common technology which is enabled on a web server to change the format of the URL being requested on the fly, for search engine crawling purposes. Common example: http://testasp.vulnweb.com/showthread.asp?id=1 can be rewritten automatically into: http://testasp.vulnweb.com/showthread.asp/id/1 ?id=1 is a parameter…
How can I define my own URL rewrite rules?
When used by a website, URL rewrite rules need to be defined in Acunetix WVS to instruct the Crawler on how to recognize rewritten URLs, otherwise some URLs will be misinterpreted as directories — which will result in an incorrect scan. In this FAQ we…