/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Acunetix WVS is a tool that automates the process of Web application security testing. It analyzes any website or Web application and scans them for exploitable vulnerabilities such as Blind SQL Injection, Cross-Site Scripting, and Directory Traversal, etc.
To check how secure a website is against vulnerabilities, WVS crawls through the whole website, lists out all related pages and then scans each page. On the pages where some input from user is required, it tries different input combinations for detecting vulnerabilities.
| Direct Hit! |
| Applies To: Security professionals Price: $1495 USP: Automated security assessment for Web applications Primary Link: http://www.acunetix.com Google Keywords: Server/client monitoring |
Its JavaScript analyzer can be used for testing applications made in Web 2.0 apps and Ajax. It also has a reporting tool with which one can compare scan results and create professional reports of scans performed. WVS comes with a HTTP Fuzzer that tests a range of variables for detecting input validation and buffer overflow vulnerabilities.
To scan a website using the WVS tool, go to File menu, and under 'New' select 'Web Site Scan' option, which will start the 'Scan' wizard. Under the Scan type choose the 'Scan single website' option, specify the I.P Address or URL of the website to scan, and click on 'Next'.
After performing a basic scan on the website for detecting basic details such as base path, Web server, operating system and technologies used on the website, the wizard will ask you to confirm the target. Then it will optimize the scan according to the detected tecnologies and will ask whether you want to modify the general crawler behavior of WVS. Once you define that, select the scanning profile and the scanning mode to be used.
There are 15 scanning profiles customized for specific tests that come with this utility and there are three scanning mode options: Quick, Heuristic, and Extensive.
Quick Scanning mode only tests for the first value of the parameters defined, where as in Heuristic mode the scanner automatically determines the parameters for which it should test all values and those for which it should test first values only. The Extensive Scanning mode is the one that scans the website for all parameters and with all possible combinations.
| Acunetix WVS automatically detects and categorizes the detected vulnerabilities in four severity levels |
Lastly, the wizard will ask you to review the scan details. Once you click on 'Finish,' it will start scanning your website and shows results in 'Scan Results' window. Under Alerts, you can see detected vulnerabilities, and their severity level i.e. high, mdium, low or informational. To view further details click on the specific vulnerability, you will see a brief description of vulnerability, its impact and details on how to fix it.