Advanced Features: Pen-Testing Tools and WAF configuration

Acunetix includes advanced tools that let penetration testers take automated testing further, integrate with external tools, and test the business logic of web applications.

HTTP Editor

Easily Extend Automated Testing With In-built Manual Penetration Testing Tools & Other Advanced Features

Take Automated Scanning Further

  • Use the HTTP Editor to export HTTP requests from an automated crawl or scan, modify or craft HTTP requests and analyze the web server’s response.
  • Use the HTTP Sniffer to intercept, log and modify HTTP traffic sent to and from a web application on the fly, using Traps with support for regular expressions. Extend manual HTTP traffic inspection by using captured traffic to build a custom crawl structure that can be used as part of an automated scan.
  • Fuzz HTTP requests to test validation and handling of invalid or random data using a variety of built-in fuzzers. Filter fuzzed HTTP requests with HTTP Fuzzer filters with support for regular expressions.
  • Export Blind SQL Injection vulnerabilities from automated scans, and perform automated database data extractions using the Blind SQL Injector.
  • Import manual crawl data from the Acunetix HTTP Editor, from third-party tools such as Telerik Fiddler and PortSwigger Burp Suite, and from HAR (HTTP Archive) files.

Automatic Web Application Firewall (WAF) configuration

Sometimes it’s not possible to roll out a fix for a high-severity vulnerability there and then. Acunetix integrates with Imperva SecureSphere, F5 BIG-IP Application Security Manager and FortiWeb WAF, and can automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting the vulnerabilities that the scanner finds. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them.

WAF Auto-configuration and Integration/Extensibility Features

Integration and Extensibility

Acunetix features a powerful Command Line Interface (CLI) and a RESTful Application Programming Interface (REST API). The REST API allows access to and management of Scan Targets, Scans, Vulnerabilities, Reports and other resources within Acunetix in a simple, programmatic manner using conventional HTTP requests. The API’s endpoints are intuitive and powerful, allowing you to easily retrieve information and execute actions.

Acunetix is available on premise and online.