ARTICLE

Acunetix web vulnerability scanner version 4.0

Tuesday 23 January 2007

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

Acunetix WVS automatically checks for the following vulnerabilities among others:

Version Check

- Vulnerable Web Servers
- Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

CGI Tester

- Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
- Verify Web Server Technologies

Parameter Manipulation

- Cross-Site Scripting (XSS) – over 25 different XSS variations are tested.
- SQL Injection
- Code Execution
- Directory Traversal
- File Inclusion
- Script Source Code Disclosure
- CRLF Injection
- Cross Frame Scripting (XFS)
- PHP Code Injection
- XPath Injection
- Full Path Disclosure
- LDAP Injection
- Cookie Manipulation

MultiRequest Parameter Manipulation

- Blind SQL/XPath Injection

File Checks

- Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
- Cross Site Scripting in URI
- Checks for Script Errors

Directory Checks

- Looks for Common Files (such as logs, traces, CVS)
- Discover Sensitive Files/Directories
- Discovers Directories with Weak Permissions
- Cross Site Scripting in Path and PHPSESSID Session Fixation. Web Applications

Text Search

- Directory Listings
- Source Code Disclosure
- Check for Common Files
- Check for Email Addresses
- Microsoft Office Possible Sensitive Information
- Local Path Disclosure
- Error Messages

GHDB Google Hacking Database

- Over 1200 GHDB Search Entries in the Database
- Other vulnerability tests may also be preformed using the manual tools provided, including:

Input Validation
- Authentication attacks
- Buffer overflows

[This software has been added to our SD Tools Watch Process]


POSTSCRIPTUM

Download Demo


RELATED ARTICLES

Acunetix, Application Scanner, Vulnerability Scanner,

15 October 2008 : Acunetix WVS Version 6 Beta is available for download
4 September 2007 : Acunetix web vulnerability scanner updated to 5.1 Build 70829
21 June 2007 : Acunetix web vulnerability scanner version 5 get released
23 January 2007 : Acunetix web vulnerability scanner version 4.0